{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47366", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:58:30.810Z", "datePublished": "2024-05-21T15:03:33.176Z", "dateUpdated": "2025-05-04T07:09:27.646Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:09:27.646Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server\n\nAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and\nLinux's afs client switches between them when talking to a non-YFS server\nif the read size, the file position or the sum of the two have the upper 32\nbits set of the 64-bit value.\n\nThis is a problem, however, since the file position and length fields of\nFS.FetchData are *signed* 32-bit values.\n\nFix this by capturing the capability bits obtained from the fileserver when\nit's sent an FS.GetCapabilities RPC, rather than just discarding them, and\nthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then be\nused to decide whether to use FS.FetchData or FS.FetchData64 - and also\nFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to\nswitch on the parameter values.\n\nThis capabilities flag could also be used to limit the maximum size of the\nfile, but all servers must be checked for that.\n\nNote that the issue does not exist with FS.StoreData - that uses *unsigned*\n32-bit values. It's also not a problem with Auristor servers as its\nYFS.FetchData64 op uses unsigned 64-bit values.\n\nThis can be tested by cloning a git repo through an OpenAFS client to an\nOpenAFS server and then doing \"git status\" on it from a Linux afs\nclient[1]. Provided the clone has a pack file that's in the 2G-4G range,\nthe git status will show errors like:\n\n\terror: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index\n\terror: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index\n\nThis can be observed in the server's FileLog with something like the\nfollowing appearing:\n\nSun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001\nSun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001\nSun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154\nSun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866\n...\nSun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5\n\nNote the file position of 18446744071815340032. This is the requested file\nposition sign-extended."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/afs/fs_probe.c", "fs/afs/fsclient.c", "fs/afs/internal.h", "fs/afs/protocol_afs.h", "fs/afs/protocol_yfs.h"], "versions": [{"version": "b9b1f8d5930a813879278d0cbfc8c658d6a038dc", "lessThan": "e66fc460d6dcf85cf12288e133a081205aebcd97", "status": "affected", "versionType": "git"}, {"version": "b9b1f8d5930a813879278d0cbfc8c658d6a038dc", "lessThan": "b537a3c21775075395af475dcc6ef212fcf29db8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/afs/fs_probe.c", "fs/afs/fsclient.c", "fs/afs/internal.h", "fs/afs/protocol_afs.h", "fs/afs/protocol_yfs.h"], "versions": [{"version": "2.6.22", "status": "affected"}, {"version": "0", "lessThan": "2.6.22", "status": "unaffected", "versionType": "semver"}, {"version": "5.14.9", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.22", "versionEndExcluding": "5.14.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.22", "versionEndExcluding": "5.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e66fc460d6dcf85cf12288e133a081205aebcd97"}, {"url": "https://git.kernel.org/stable/c/b537a3c21775075395af475dcc6ef212fcf29db8"}], "title": "afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:37:26.717348Z", "id": "CVE-2021-47366", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:38:20.276Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.615Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e66fc460d6dcf85cf12288e133a081205aebcd97", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b537a3c21775075395af475dcc6ef212fcf29db8", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e66fc460d6dcf85cf12288e133a081205aebcd97", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b537a3c21775075395af475dcc6ef212fcf29db8", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.615Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47366", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:37:26.717348Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:37:27.786Z"}}], "cna": {"title": "afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b9b1f8d5930a813879278d0cbfc8c658d6a038dc", "lessThan": "e66fc460d6dcf85cf12288e133a081205aebcd97", "versionType": "git"}, {"status": "affected", "version": "b9b1f8d5930a813879278d0cbfc8c658d6a038dc", "lessThan": "b537a3c21775075395af475dcc6ef212fcf29db8", "versionType": "git"}], "programFiles": ["fs/afs/fs_probe.c", "fs/afs/fsclient.c", "fs/afs/internal.h", "fs/afs/protocol_afs.h", "fs/afs/protocol_yfs.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.22"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.22", "versionType": "semver"}, {"status": "unaffected", "version": "5.14.9", "versionType": "semver", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/afs/fs_probe.c", "fs/afs/fsclient.c", "fs/afs/internal.h", "fs/afs/protocol_afs.h", "fs/afs/protocol_yfs.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e66fc460d6dcf85cf12288e133a081205aebcd97"}, {"url": "https://git.kernel.org/stable/c/b537a3c21775075395af475dcc6ef212fcf29db8"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server\n\nAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and\nLinux's afs client switches between them when talking to a non-YFS server\nif the read size, the file position or the sum of the two have the upper 32\nbits set of the 64-bit value.\n\nThis is a problem, however, since the file position and length fields of\nFS.FetchData are *signed* 32-bit values.\n\nFix this by capturing the capability bits obtained from the fileserver when\nit's sent an FS.GetCapabilities RPC, rather than just discarding them, and\nthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then be\nused to decide whether to use FS.FetchData or FS.FetchData64 - and also\nFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to\nswitch on the parameter values.\n\nThis capabilities flag could also be used to limit the maximum size of the\nfile, but all servers must be checked for that.\n\nNote that the issue does not exist with FS.StoreData - that uses *unsigned*\n32-bit values. It's also not a problem with Auristor servers as its\nYFS.FetchData64 op uses unsigned 64-bit values.\n\nThis can be tested by cloning a git repo through an OpenAFS client to an\nOpenAFS server and then doing \"git status\" on it from a Linux afs\nclient[1]. Provided the clone has a pack file that's in the 2G-4G range,\nthe git status will show errors like:\n\n\terror: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index\n\terror: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index\n\nThis can be observed in the server's FileLog with something like the\nfollowing appearing:\n\nSun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001\nSun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001\nSun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154\nSun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866\n...\nSun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5\n\nNote the file position of 18446744071815340032. This is the requested file\nposition sign-extended."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.14.9", "versionStartIncluding": "2.6.22"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15", "versionStartIncluding": "2.6.22"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:09:27.646Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47366", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:09:27.646Z", "dateReserved": "2024-05-21T14:58:30.810Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:03:33.176Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "11311A36-8941-4E02-96B7-4807B83A7D81", "versionEndExcluding": "5.14.9", "versionStartIncluding": "2.6.22", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server\n\nAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and\nLinux's afs client switches between them when talking to a non-YFS server\nif the read size, the file position or the sum of the two have the upper 32\nbits set of the 64-bit value.\n\nThis is a problem, however, since the file position and length fields of\nFS.FetchData are *signed* 32-bit values.\n\nFix this by capturing the capability bits obtained from the fileserver when\nit's sent an FS.GetCapabilities RPC, rather than just discarding them, and\nthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then be\nused to decide whether to use FS.FetchData or FS.FetchData64 - and also\nFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to\nswitch on the parameter values.\n\nThis capabilities flag could also be used to limit the maximum size of the\nfile, but all servers must be checked for that.\n\nNote that the issue does not exist with FS.StoreData - that uses *unsigned*\n32-bit values. It's also not a problem with Auristor servers as its\nYFS.FetchData64 op uses unsigned 64-bit values.\n\nThis can be tested by cloning a git repo through an OpenAFS client to an\nOpenAFS server and then doing \"git status\" on it from a Linux afs\nclient[1]. Provided the clone has a pack file that's in the 2G-4G range,\nthe git status will show errors like:\n\n\terror: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index\n\terror: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index\n\nThis can be observed in the server's FileLog with something like the\nfollowing appearing:\n\nSun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001\nSun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001\nSun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154\nSun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866\n...\nSun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5\n\nNote the file position of 18446744071815340032. This is the requested file\nposition sign-extended."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: afs: corrige la corrupci\u00f3n en las lecturas en fpos 2G-4G desde un servidor OpenAFS. AFS-3 tiene dos variantes RPC de recuperaci\u00f3n de datos, FS.FetchData y FS.FetchData64, y conmutadores de cliente afs de Linux. entre ellos cuando se habla con un servidor que no es YFS si el tama\u00f1o de lectura, la posici\u00f3n del archivo o la suma de los dos tienen los 32 bits superiores establecidos del valor de 64 bits. Sin embargo, esto es un problema, ya que los campos de posici\u00f3n y longitud del archivo de FS.FetchData son valores *firmados* de 32 bits. Solucione este problema capturando los bits de capacidad obtenidos del servidor de archivos cuando se env\u00eda un RPC FS.GetCapabilities, en lugar de simplemente descartarlos, y luego seleccionando el indicador VICED_CAPABILITY_64BITFILES. Esto luego se puede usar para decidir si usar FS.FetchData o FS.FetchData64, y tambi\u00e9n FS.StoreData o FS.StoreData64, en lugar de usar Upper_32_bits() para activar los valores de los par\u00e1metros. Este indicador de capacidades tambi\u00e9n podr\u00eda usarse para limitar el tama\u00f1o m\u00e1ximo del archivo, pero se deben verificar todos los servidores para eso. Tenga en cuenta que el problema no existe con FS.StoreData, que utiliza valores de 32 bits *sin firmar*. Tampoco es un problema con los servidores Auristor ya que su operaci\u00f3n YFS.FetchData64 utiliza valores de 64 bits sin firmar. Esto se puede probar clonando un repositorio de git a trav\u00e9s de un cliente OpenAFS en un servidor OpenAFS y luego ejecutando el \"estado de git\" desde un cliente afs de Linux[1]. Siempre que el clon tenga un archivo de paquete que est\u00e9 en el rango 2G-4G, el estado de git mostrar\u00e1 errores como: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack no coincide con el \u00edndice error: packfile .git/objects/ pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack no coincide con el \u00edndice. Esto se puede observar en el FileLog del servidor y aparece algo como lo siguiente: Dom 29 de agosto 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114 , Anfitri\u00f3n 192.168.11.201:7001, Id 1001 dom 29 de agosto 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001 dom 29 de agosto 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154 dom 29 de agosto 19:3 1:39 2021 FetchData_RXStyle: tama\u00f1o de archivo 2400758866 ... domingo 29 de agosto 19:31:40 2021 SRXAFS_FetchData devuelve 5 Tenga en cuenta la posici\u00f3n del archivo de 18446744071815340032. Esta es la posici\u00f3n del archivo solicitada con signo extendido."}], "id": "CVE-2021-47366", "lastModified": "2025-05-12T19:53:55.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T15:15:22.633", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b537a3c21775075395af475dcc6ef212fcf29db8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e66fc460d6dcf85cf12288e133a081205aebcd97"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b537a3c21775075395af475dcc6ef212fcf29db8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e66fc460d6dcf85cf12288e133a081205aebcd97"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server", "id": "2282380", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282380"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nafs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server\nAFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and\nLinux's afs client switches between them when talking to a non-YFS server\nif the read size, the file position or the sum of the two have the upper 32\nbits set of the 64-bit value.\nThis is a problem, however, since the file position and length fields of\nFS.FetchData are *signed* 32-bit values.\nFix this by capturing the capability bits obtained from the fileserver when\nit's sent an FS.GetCapabilities RPC, rather than just discarding them, and\nthen picking out the VICED_CAPABILITY_64BITFILES flag. This can then be\nused to decide whether to use FS.FetchData or FS.FetchData64 - and also\nFS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to\nswitch on the parameter values.\nThis capabilities flag could also be used to limit the maximum size of the\nfile, but all servers must be checked for that.\nNote that the issue does not exist with FS.StoreData - that uses *unsigned*\n32-bit values. It's also not a problem with Auristor servers as its\nYFS.FetchData64 op uses unsigned 64-bit values.\nThis can be tested by cloning a git repo through an OpenAFS client to an\nOpenAFS server and then doing \"git status\" on it from a Linux afs\nclient[1]. Provided the clone has a pack file that's in the 2G-4G range,\nthe git status will show errors like:\nerror: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index\nerror: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index\nThis can be observed in the server's FileLog with something like the\nfollowing appearing:\nSun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001\nSun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001\nSun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154\nSun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866\n...\nSun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5\nNote the file position of 18446744071815340032. This is the requested file\nposition sign-extended.", "A flaw was found in the Linux kernel's experimental Andrew File System driver, leading to corruption in reads. This issue could allow a user to read incorrect data if this file system is being used."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent module kafs from being loaded. Please see https://access.redhat.com/solutions/41278 for more information on how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2021-47366", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47366\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47366\nhttps://lore.kernel.org/linux-cve-announce/2024052139-CVE-2021-47366-04ed@gregkh/T"], "statement": "Older versions of Red Hat Enterprise Linux 8 and 9 are not affected because the config param CONFIG_AFS_FS is disabled. The latest versions of Red Hat Enterprise Linux 8 and 9 are fixed.", "threat_severity": "Moderate"}