Race Condition Affecting kernel-tools-devel package, versions <0:4.14.246-187.474.amzn2
Threat Intelligence
EPSS
0.05% (16th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-AMZN2-KERNELTOOLSDEVEL-1703732
- published 27 Sep 2021
- disclosed 3 Sep 2021
Introduced: 3 Sep 2021
CVE-2021-40490 Open this link in a new tabHow to fix?
Upgrade Amazon-Linux:2 kernel-tools-devel to version 0:4.14.246-187.474.amzn2 or higher.
This issue was patched in ALAS2-2021-1704.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-tools-devel package and not the kernel-tools-devel package as distributed by Amazon-Linux.
See How to fix? for Amazon-Linux:2 relevant fixed versions and status.
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
References
- https://security.netapp.com/advisory/ntap-20211004-0001/
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40490
- https://www.debian.org/security/2021/dsa-4978
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6VS2DLGT7TK7URKAS2KWJL3S533SGVA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJGX3DMJT6MRBW2XEF3TWVHYWZW3DG3N/
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6VS2DLGT7TK7URKAS2KWJL3S533SGVA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJGX3DMJT6MRBW2XEF3TWVHYWZW3DG3N/
CVSS Scores
version 3.1