CVE-2021-20321

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2021-20321
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-02-18 18:15:00 UTC
Updated2023-11-07 03:29:00 UTC
DescriptionA race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.

Risk And Classification

Problem Types: CWE-362

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Linux Linux Kernel All All All All
Operating System Linux Linux Kernel 5.15 - All All
Operating System Linux Linux Kernel 5.15 rc1 All All
Operating System Linux Linux Kernel 5.15 rc2 All All
Operating System Linux Linux Kernel 5.15 rc3 All All
Operating System Linux Linux Kernel 5.15 rc4 All All
Operating System Redhat Enterprise Linux 7.0 All All All
Operating System Redhat Enterprise Linux 8.0 All All All

References

ReferenceSourceLinkTags
2013242 – (CVE-2021-20321) CVE-2021-20321 kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename() MISC bugzilla.redhat.com
[SECURITY] [DLA 2941-1] linux-4.19 security update MLIST lists.debian.org
[PATCH 5.10 11/83] ovl: fix missing negative dentry check in ovl_rename() - Greg Kroah-Hartman lore.kernel.org
Debian -- Security Information -- DSA-5096-1 linux DEBIAN www.debian.org
[PATCH 5.10 11/83] ovl: fix missing negative dentry check in ovl_rename() - Greg Kroah-Hartman MISC lore.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 159575 Oracle Enterprise Linux Security Update for kernel (ELSA-2021-5227)
  • 159621 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9088)
  • 178943 Debian Security Update for linux (DLA 2843-1)
  • 179117 Debian Security Update for linux (DSA 5096-1)
  • 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
  • 179506 Debian Security Update for linux (CVE-2021-20321)
  • 198617 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5209-1)
  • 198618 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5210-1)
  • 198621 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5208-1)
  • 198627 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5218-1)
  • 199522 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6221-1)
  • 239974 Red Hat Update for kernel (RHSA-2021:5227)
  • 239979 Red Hat Update for kernel-rt (RHSA-2021:5241)
  • 352869 Amazon Linux Security Advisory for kernel: ALAS2-2021-1719
  • 353153 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-007
  • 353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
  • 353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
  • 353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
  • 353989 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-027
  • 354000 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-029
  • 354013 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-031
  • 356241 Amazon Linux Security Advisory for microvm-kernel : ALASMICROVM-KERNEL-4.14-2023-001
  • 390256 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2022-0007)
  • 610418 Google Pixel Android June 2022 Security Patch Missing
  • 610422 Google Android July 2022 Security Patch Missing for Huawei EMUI
  • 6140095 AWS Bottlerocket Security Update for kernel (GHSA-5fxr-5crx-3rh7)
  • 671219 EulerOS Security Update for kernel (EulerOS-SA-2022-1030)
  • 671288 EulerOS Security Update for kernel (EulerOS-SA-2022-1227)
  • 671367 EulerOS Security Update for kernel (EulerOS-SA-2022-1308)
  • 671401 EulerOS Security Update for kernel (EulerOS-SA-2022-1328)
  • 671436 EulerOS Security Update for kernel (EulerOS-SA-2022-1352)
  • 671498 EulerOS Security Update for kernel (EulerOS-SA-2022-1466)
  • 671703 EulerOS Security Update for kernel (EulerOS-SA-2022-1735)
  • 752120 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1651-1)
  • 752125 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1686-1)
  • 752126 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1687-1)
  • 752231 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2082-1)
  • 752237 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2083-1)
  • 752240 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2103-1)
  • 752242 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2104-1)
  • 752250 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2111-1)
  • 753176 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1676-1)
  • 753299 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1669-1)
  • 900722 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8798)
  • 905850 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8798-1)
  • 940083 AlmaLinux Security Update for kernel (ALSA-2021:5227)
  • 960779 Rocky Linux Security Update for kernel-rt (RLSA-2021:5241)
  • 960807 Rocky Linux Security Update for kernel (RLSA-2021:5227)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report