CVE-2021-47001: xprtrdma: Fix cwnd update ordering
First published: Wed Feb 28 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Fix cwnd update ordering After a reconnect, the reply handler is opening the cwnd (and thus enabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs() can post enough Receive WRs to receive their replies. This causes an RNR and the new connection is lost immediately. The race is most clearly exposed when KASAN and disconnect injection are enabled. This slows down rpcrdma_rep_create() enough to allow the send side to post a bunch of RPC Calls before the Receive completion handler can invoke ib_post_recv().
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.5<5.10.38 | |
| Linux Kernel | >=5.11<5.11.22 | |
| Linux Kernel | >=5.12<5.12.5 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.22-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/19b5fa9489b5706bc878c3a522a7f771079e2fa0
- https://git.kernel.org/stable/c/35d8b10a25884050bb3b0149b62c3818ec59f77c
- https://git.kernel.org/stable/c/8834ecb5df22b7ff3c9b0deba7726579bb613f95
- https://git.kernel.org/stable/c/eddae8be7944096419c2ae29477a45f767d0fcd4
- https://launchpad.net/bugs/cve/CVE-2021-47001
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47001
- https://nvd.nist.gov/vuln/detail/CVE-2021-47001
- https://security-tracker.debian.org/tracker/CVE-2021-47001
- https://ubuntu.com/security/CVE-2021-47001
- https://git.kernel.org/linus/35d8b10a25884050bb3b0149b62c3818ec59f77c
- https://security.netapp.com/advisory/ntap-20250411-0001/
Frequently Asked Questions
What is the severity of CVE-2021-47001?
CVE-2021-47001 is classified as a medium-severity vulnerability in the Linux kernel.
How do I fix CVE-2021-47001?
To fix CVE-2021-47001, upgrade to the patched versions of the Linux kernel: 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.119-1, 6.12.10-1, or 6.12.11-1.
What systems are affected by CVE-2021-47001?
CVE-2021-47001 affects various versions of the Linux kernel, specifically those between 5.5 and 5.10.38, as well as other specified versions.
What exploitation capabilities does CVE-2021-47001 provide?
CVE-2021-47001 could potentially allow an attacker to exploit the vulnerability through unauthorized Remote Procedure Calls (RPC).
Is there public knowledge available on CVE-2021-47001?
Details on CVE-2021-47001 can be found in several public repositories and security advisories regarding Linux kernel vulnerabilities.
- agent/title
- agent/type
- agent/first-publish-date
- agent/trending
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/remedy
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.12
- package-manager/debian