CVE-2021-47636: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a read out-of-bounds vulnerability was discovered in the ubifswbufwrite_nolock() function of the UBIFS filesystem. The vulnerability was identified and disclosed on February 26, 2025, affecting the Linux kernel's UBIFS implementation (NVD).

The vulnerability occurs when ubifswbufwrite_nolock() function processes unaligned buffer lengths. When handling data that is not 8-byte aligned, the function may access memory beyond the allocated buffer boundaries. This happens specifically when the length parameter is not 8-byte aligned, leading to potential out-of-bounds read operations. The issue manifests when n > len, causing a read beyond the buffer's bounds by up to 8 bytes (n-len) (Kernel Git).

The vulnerability can lead to out-of-bounds memory reads, which was detected by the Kernel Address Sanitizer (KASAN). This could potentially result in information disclosure or system crashes. The issue was discovered during filesystem operations when writing to UBIFS storage (NVD).

The issue has been fixed by modifying the ubifswbufwrite_nolock() function to properly handle unaligned buffer lengths. The fix includes adding proper bounds checking and implementing a new approach to handle the last write operation using a temporary buffer. The patch ensures that only the actual data length is read from the source buffer (Kernel Git).