{"id":"CVE-2021-46972","details":"In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix leaked dentry\n\nSince commit 6815f479ca90 (\"ovl: use only uppermetacopy state in\novl_lookup()\"), overlayfs doesn't put temporary dentry when there is a\nmetacopy error, which leads to dentry leaks when shutting down the related\nsuperblock:\n\n  overlayfs: refusing to follow metacopy origin for (/file0)\n  ...\n  BUG: Dentry (____ptrval____){i=3f33,n=file3}  still in use (1) [unmount of overlay overlay]\n  ...\n  WARNING: CPU: 1 PID: 432 at umount_check.cold+0x107/0x14d\n  CPU: 1 PID: 432 Comm: unmount-overlay Not tainted 5.12.0-rc5 #1\n  ...\n  RIP: 0010:umount_check.cold+0x107/0x14d\n  ...\n  Call Trace:\n   d_walk+0x28c/0x950\n   ? dentry_lru_isolate+0x2b0/0x2b0\n   ? __kasan_slab_free+0x12/0x20\n   do_one_tree+0x33/0x60\n   shrink_dcache_for_umount+0x78/0x1d0\n   generic_shutdown_super+0x70/0x440\n   kill_anon_super+0x3e/0x70\n   deactivate_locked_super+0xc4/0x160\n   deactivate_super+0xfa/0x140\n   cleanup_mnt+0x22e/0x370\n   __cleanup_mnt+0x1a/0x30\n   task_work_run+0x139/0x210\n   do_exit+0xb0c/0x2820\n   ? __kasan_check_read+0x1d/0x30\n   ? find_held_lock+0x35/0x160\n   ? lock_release+0x1b6/0x660\n   ? mm_update_next_owner+0xa20/0xa20\n   ? reacquire_held_locks+0x3f0/0x3f0\n   ? __sanitizer_cov_trace_const_cmp4+0x22/0x30\n   do_group_exit+0x135/0x380\n   __do_sys_exit_group.isra.0+0x20/0x20\n   __x64_sys_exit_group+0x3c/0x50\n   do_syscall_64+0x45/0x70\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  ...\n  VFS: Busy inodes after unmount of overlay. Self-destruct in 5 seconds.  Have a nice day...\n\nThis fix has been tested with a syzkaller reproducer.","modified":"2026-03-13T05:09:00.592348Z","published":"2024-02-27T19:04:07.403Z","related":["ALSA-2024:4211","ALSA-2024:4352"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/71d58457a8afc650da5d3292a7f7029317654d95"},{"type":"FIX","url":"https://git.kernel.org/stable/c/cf3e3330bc5719fa9d658e3e2f596bde89344a94"},{"type":"FIX","url":"https://git.kernel.org/stable/c/d587cfaef72b1b6f4b2774827123bce91f497cc8"},{"type":"FIX","url":"https://git.kernel.org/stable/c/eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46972.json","unresolved_ranges":[{"events":[{"introduced":"5.8"},{"fixed":"5.10.35"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.11.19"}]},{"events":[{"introduced":"5.12"},{"fixed":"5.12.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}