{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-46972","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-27T18:42:55.943Z","datePublished":"2024-02-27T18:47:07.276Z","dateUpdated":"2025-05-04T07:01:26.878Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:01:26.878Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix leaked dentry\n\nSince commit 6815f479ca90 (\"ovl: use only uppermetacopy state in\novl_lookup()\"), overlayfs doesn't put temporary dentry when there is a\nmetacopy error, which leads to dentry leaks when shutting down the related\nsuperblock:\n\n  overlayfs: refusing to follow metacopy origin for (/file0)\n  ...\n  BUG: Dentry (____ptrval____){i=3f33,n=file3}  still in use (1) [unmount of overlay overlay]\n  ...\n  WARNING: CPU: 1 PID: 432 at umount_check.cold+0x107/0x14d\n  CPU: 1 PID: 432 Comm: unmount-overlay Not tainted 5.12.0-rc5 #1\n  ...\n  RIP: 0010:umount_check.cold+0x107/0x14d\n  ...\n  Call Trace:\n   d_walk+0x28c/0x950\n   ? dentry_lru_isolate+0x2b0/0x2b0\n   ? __kasan_slab_free+0x12/0x20\n   do_one_tree+0x33/0x60\n   shrink_dcache_for_umount+0x78/0x1d0\n   generic_shutdown_super+0x70/0x440\n   kill_anon_super+0x3e/0x70\n   deactivate_locked_super+0xc4/0x160\n   deactivate_super+0xfa/0x140\n   cleanup_mnt+0x22e/0x370\n   __cleanup_mnt+0x1a/0x30\n   task_work_run+0x139/0x210\n   do_exit+0xb0c/0x2820\n   ? __kasan_check_read+0x1d/0x30\n   ? find_held_lock+0x35/0x160\n   ? lock_release+0x1b6/0x660\n   ? mm_update_next_owner+0xa20/0xa20\n   ? reacquire_held_locks+0x3f0/0x3f0\n   ? __sanitizer_cov_trace_const_cmp4+0x22/0x30\n   do_group_exit+0x135/0x380\n   __do_sys_exit_group.isra.0+0x20/0x20\n   __x64_sys_exit_group+0x3c/0x50\n   do_syscall_64+0x45/0x70\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  ...\n  VFS: Busy inodes after unmount of overlay. Self-destruct in 5 seconds.  Have a nice day...\n\nThis fix has been tested with a syzkaller reproducer."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/overlayfs/namei.c"],"versions":[{"version":"6815f479ca90ee7fd2e28b2a420f796b974155fe","lessThan":"71d58457a8afc650da5d3292a7f7029317654d95","status":"affected","versionType":"git"},{"version":"6815f479ca90ee7fd2e28b2a420f796b974155fe","lessThan":"cf3e3330bc5719fa9d658e3e2f596bde89344a94","status":"affected","versionType":"git"},{"version":"6815f479ca90ee7fd2e28b2a420f796b974155fe","lessThan":"d587cfaef72b1b6f4b2774827123bce91f497cc8","status":"affected","versionType":"git"},{"version":"6815f479ca90ee7fd2e28b2a420f796b974155fe","lessThan":"eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/overlayfs/namei.c"],"versions":[{"version":"5.8","status":"affected"},{"version":"0","lessThan":"5.8","status":"unaffected","versionType":"semver"},{"version":"5.10.35","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.11.19","lessThanOrEqual":"5.11.*","status":"unaffected","versionType":"semver"},{"version":"5.12.2","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.10.35"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.11.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.12.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/71d58457a8afc650da5d3292a7f7029317654d95"},{"url":"https://git.kernel.org/stable/c/cf3e3330bc5719fa9d658e3e2f596bde89344a94"},{"url":"https://git.kernel.org/stable/c/d587cfaef72b1b6f4b2774827123bce91f497cc8"},{"url":"https://git.kernel.org/stable/c/eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41"}],"title":"ovl: fix leaked dentry","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-28T17:00:35.229463Z","id":"CVE-2021-46972","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-28T17:00:43.713Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:17:42.888Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/71d58457a8afc650da5d3292a7f7029317654d95","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/cf3e3330bc5719fa9d658e3e2f596bde89344a94","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d587cfaef72b1b6f4b2774827123bce91f497cc8","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41","tags":["x_transferred"]}]}]}}