CVE-2021-3739
Published on: Not Yet Published
Last Modified on: 02/12/2023 11:07:00 PM UTC
Certain versions of Fedora from Fedoraproject contain the following vulnerability:
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.
- CVE-2021-3739 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.1 - HIGH
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| LOCAL | LOW | LOW | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | NONE | HIGH |
CVSS2 Score: 3.6 - LOW
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| LOCAL | LOW | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | NONE | PARTIAL |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| oss-security - Linux kernel: fs/btrfs: null-ptr-dereference bug in btrfs_rm_device in fs/btrfs/volumes.c | www.openwall.com text/html |
MISC www.openwall.com/lists/oss-security/2021/08/25/3 |
| btrfs: fix NULL pointer dereference when deleting device by invalid id · torvalds/[email protected] · GitHub | github.com text/html |
MISC github.com/torvalds/linux/commit/e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091 |
| 1997958 – (CVE-2021-3739) CVE-2021-3739 kernel: null-ptr-dereference bug in btrfs_rm_device in fs/btrfs/volumes.c | bugzilla.redhat.com text/html |
MISC bugzilla.redhat.com/show_bug.cgi?id=1997958 |
| CVE-2021-3739 | Ubuntu | ubuntu.com text/html |
MISC ubuntu.com/security/CVE-2021-3739 |
| kernel/git/torvalds/linux.git - Linux kernel source tree | git.kernel.org text/html |
MISC git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091 |
| CVE-2021-3739 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security | security.netapp.com text/html |
CONFIRM security.netapp.com/advisory/ntap-20220407-0006/ |
Related QID Numbers
- 159401 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9457)
- 159405 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9461)
- 159421 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9474)
- 159422 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9475)
- 178809 Debian Security Update for linux (DSA 4978-1)
- 198540 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5113-1)
- 198542 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5115-1)
- 198543 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5117-1)
- 198563 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5137-1)
- 198565 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5137-2)
- 353155 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-005
- 751137 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1271-1)
- 751160 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3179-1)
- 751170 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3205-1)
- 900740 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8936)
- 905812 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8936-1)
Known Affected Configurations (CPE V2.3)
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @softek_jp |
Linux Kernel の btrfs ファイルシステムの処理にサービスを妨害される問題 (CVE-2021-3739) [40098] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2021-09-28 02:14:13 |
| @CVEreport |
CVE-2021-3739 : A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in… twitter.com/i/web/status/1… | 2022-03-10 17:52:58 |
 /r/synology |
DSM Version: 7.1.1-42951 (Release Candidate) | 2022-08-10 06:07:14 |
| /r/synology |
Has anyone seen the release notes for the latest DSM 7.1.1 Release Candidate. Fixes a scary amount of CVEs. | 2022-08-16 14:26:29 |
| /r/synology |
DSM 7.1.1-42962 released! | 2022-09-05 11:39:36 |