CVE-2021-47066: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-47066 is a vulnerability in the Linux kernel's asyncxor functionality that affects versions from 5.10 to 5.12.4. The issue arises when calculating XOR values with different offsets for each r5dev in RAID5 configurations, particularly when PAGESIZE is not equal to stripe size (NVD).

The vulnerability occurs in the asyncxor functionality where, in RMW (Read-Modify-Write) mode, the parity page is used as a source page. When ASYNCTXXORDROPDST is set before calculating XOR value in opsrunprexor5, it needs to increment both srclist and srcoffs simultaneously. The bug results from only incrementing srclist, leading to incorrect XOR value calculations. The vulnerability has a CVSS v3.1 Base Score of 5.5 (Medium) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can cause data corruption problems in RAID5 configurations. This is particularly reproducible on POWER8 machines when attempting to mount an XFS filesystem on a RAID5 array, resulting in structure cleaning errors (Kernel Patch).

The issue has been fixed in the Linux kernel through a patch that properly increments srcoffs when dropping the destination page. The fix involves adding a single line of code to increment srcoffs along with srclist when ASYNCTXXORDROP_DST is set (Kernel Patch).