CVE-2021-47406

5.5 MEDIUM

📋 TL;DR

A vulnerability in the Linux kernel's ext4 filesystem implementation allows an infinite loop condition during fast commit replay when processing corrupted filesystems with inline_data enabled. This affects Linux systems using ext4 with fast_commit and inline_data features. The vulnerability can cause system lockups during filesystem recovery operations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with vulnerable ext4 fast_commit implementation (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires ext4 filesystem with both fast_commit and inline_data features enabled. Not all systems use these features by default.
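The precondition in the note above can be checked per filesystem from the superblock feature list. The script below is an added example, not part of the original advisory; the function names and the sample listings are constructed for illustration, and it assumes the "Filesystem features:" line that tune2fs -l and dumpe2fs -h print.

```shell
#!/bin/sh
# Added example, not from the advisory. Reads `tune2fs -l` (or `dumpe2fs -h`)
# output on stdin; succeeds only if both features named in the note are set.
ext4_fc_inline_enabled() {
    features=$(sed -n 's/^Filesystem features:[[:space:]]*//p')
    case " $features " in *" fast_commit "*) ;; *) return 1 ;; esac
    case " $features " in *" inline_data "*) ;; *) return 1 ;; esac
    return 0
}

# Live use (needs root): report every mounted ext4 device with both features.
scan_mounted_ext4() {
    findmnt -rn -t ext4 -o SOURCE | sort -u | while read -r dev; do
        if tune2fs -l "$dev" 2>/dev/null | ext4_fc_inline_enabled; then
            echo "$dev: fast_commit and inline_data both enabled"
        fi
    done
}

# Constructed superblock listings (abbreviated) for an offline run.
sample_both() {
cat <<'EOF'
Filesystem volume name:   <none>
Filesystem features:      has_journal ext_attr dir_index fast_commit filetype extent 64bit flex_bg inline_data sparse_super large_file
Filesystem state:         clean
EOF
}
sample_fc_only() {
cat <<'EOF'
Filesystem features:      has_journal ext_attr dir_index fast_commit filetype extent 64bit flex_bg sparse_super large_file
EOF
}

for s in sample_both sample_fc_only; do
    if $s | ext4_fc_inline_enabled; then echo "$s: both features present"
    else echo "$s: not both"; fi
done
```

On a real host, call scan_mounted_ext4 as root instead of the sample loop.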

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: System becomes completely unresponsive during filesystem recovery, requiring hard reboot and potentially causing data corruption or loss.

🟠 Likely Case: System hangs during journal recovery operations, requiring manual intervention and potentially disrupting services.

🟢 If Mitigated: System continues operation with potential filesystem corruption warnings but avoids complete lockup.

🌐 Internet-Facing: LOW - This vulnerability requires local filesystem access and specific conditions to trigger.
🏢 Internal Only: MEDIUM - Internal systems with ext4 filesystems using fast_commit and inline_data could experience service disruption during recovery operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires ability to corrupt filesystem metadata and trigger fast commit replay. Primarily a denial-of-service issue rather than privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 1fd95c05d8f742abfe906620780aee4dbe1a2db0, 27e10c5d31ff1d222c7f797f1ee96d422859ba67, a63474dbf692dd09b50fed592bc41f6de5f102fc

Vendor Advisory: https://git.kernel.org/stable/c/1fd95c05d8f742abfe906620780aee4dbe1a2db0

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable fast_commit feature

linux

Mount ext4 filesystems without fast_commit feature to avoid the vulnerable code path

mount -o remount,no_fast_commit /mount/point

Disable inline_data feature

linux

Mount ext4 filesystems without inline_data feature

mount -o remount,noinline_data /mount/point

🧯 If You Can't Patch

  • Disable fast_commit on all ext4 filesystems using mount options
  • Implement monitoring for console messages about 'ext4_block_to_path' warnings

🔍 How to Verify

Check if Vulnerable:

Check if system logs contain 'EXT4-fs warning: ext4_block_to_path: block > max in inode' messages during filesystem operations

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel contains the fix commits: run uname -r and check the result against your distribution's patch notes.

📡 Detection & Monitoring

Log Indicators:

  • EXT4-fs warning (device dm-*): ext4_block_to_path:105: block * > max in inode *
  • System becoming unresponsive during filesystem operations

Network Indicators:

  • None - this is a local filesystem issue

SIEM Query:

source="kernel" AND "ext4_block_to_path" AND "block > max in inode"
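Where no SIEM is available, the same indicator can be matched directly against kernel log text. This is an added example, not part of the original advisory: it counts the warning per device and inode so that repetitions stand out, and the function names and sample log lines (devices, block and inode numbers) are constructed. The source line number after ext4_block_to_path is matched as any number rather than the literal 105.

```shell
#!/bin/sh
# Added example, not from the advisory. Reads kernel log text on stdin and
# prints "<device> <inode> <count>" for each ext4_block_to_path warning.
summarize_block_to_path() {
    awk '
    /EXT4-fs warning \(device [^)]+\): ext4_block_to_path:[0-9]+: block [0-9]+ > max in inode [0-9]+/ {
        dev = $0
        sub(/.*\(device /, "", dev)      # drop everything before the device name
        sub(/\).*/, "", dev)             # drop everything after it
        ino = $0
        sub(/.* > max in inode /, "", ino)
        sub(/[^0-9].*/, "", ino)         # keep only the inode number
        count[dev " " ino]++
    }
    END { for (k in count) print k, count[k] }
    ' | sort
}

# Constructed sample log lines: one inode warned about three times, one
# single warning, and two lines that must not match.
sample_kernel_log() {
cat <<'EOF'
[  101.000001] EXT4-fs (dm-3): mounted filesystem with ordered data mode
[  101.200000] EXT4-fs warning (device dm-3): ext4_block_to_path:105: block 4096000 > max in inode 42
[  101.200100] EXT4-fs warning (device dm-3): ext4_block_to_path:105: block 4096000 > max in inode 42
[  101.200200] EXT4-fs warning (device dm-3): ext4_block_to_path:105: block 4096000 > max in inode 42
[  140.000000] EXT4-fs warning (device sda1): ext4_block_to_path:105: block 9000000 > max in inode 7
[  150.000000] EXT4-fs warning (device sda1): some_other_function:10: unrelated
EOF
}

sample_kernel_log | summarize_block_to_path
```

On a live system, pipe dmesg or journalctl -k into summarize_block_to_path instead of the sample.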
