CVE-2021-47656

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 26, 2025
Updated: Feb 27, 2025
CWE ID 416

Summary

CVE-2021-47656 is a use-after-free vulnerability affecting the Linux kernel's jffs2 file system. When mounting a jffs2 image, an error in jffs2_scan_eraseblock() causes an incorrect assumption about the image's structure. As a result, jffs2_clear_xattr_subsystem() is executed twice, leading to a use-after-free condition. This vulnerability can result in a kernel crash and potentially allow an attacker to execute arbitrary code. The error occurs during the jffs2_fill_super() function call, and the affected memory is freed and later reused by jffs2_clear_xattr_subsystem(). To mitigate this issue, the call to jffs2_clear_xattr_subsystem() should be moved from 'out_inohash' to 'out_root' in the jffs2_build_filesystem() function.
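The cleanup-label ordering described in the summary, as an added user-space example (not kernel code and not taken from the original page). The struct, the function names and the `released` guard are hypothetical; only the label names `out_root` and `out_inohash` come from the summary. The model counts cleanup calls that reach already-released state instead of actually touching freed memory.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the per-mount state that owns xattr data. */
struct mount_state {
    int *xattr_data;    /* models memory owned by the xattr subsystem */
    int  released;      /* set once the xattr data has been freed */
    int  stale_clears;  /* cleanup calls that hit already-freed state */
};

/* Models the xattr cleanup. The guard exists only so the model can count
 * the second call safely; without it the second call is the use-after-free. */
static void clear_xattr(struct mount_state *c)
{
    if (c->released) { c->stale_clears++; return; }
    free(c->xattr_data);
    c->xattr_data = NULL;
    c->released = 1;
}

/* Models the build step: when the scan fails it cleans up the xattr
 * state itself before reporting the error to its caller. */
static int build_fs(struct mount_state *c, int scan_fails)
{
    c->xattr_data = calloc(4, sizeof(int));
    if (!c->xattr_data) return -1;
    if (scan_fails) { clear_xattr(c); return -1; }
    return 0;
}

/* Returns the number of cleanup calls that touched released state.
 * fixed == 0: cleanup sits under out_inohash; fixed == 1: under out_root. */
int simulate_mount(int scan_fails, int root_fails, int fixed)
{
    struct mount_state c = {0};
    if (build_fs(&c, scan_fails)) goto out_inohash; /* already cleaned up */
    if (root_fails) goto out_root;                  /* xattr state still live */
    clear_xattr(&c);                                /* normal teardown */
    return c.stale_clears;
out_root:
    if (fixed) clear_xattr(&c);
out_inohash:
    if (!fixed) clear_xattr(&c);
    return c.stale_clears;
}

int main(void)
{
    printf("scan failure, original order: %d stale clear(s)\n", simulate_mount(1, 0, 0));
    printf("scan failure, fixed order:    %d stale clear(s)\n", simulate_mount(1, 0, 1));
    return 0;
}
```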
