CVE-2021-46983: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

nvmet-rdma: Fix NULL deref when SEND is completed with error

When running some traffic and taking down the link on peer, a retry counter exceeded error is received. This leads to nvmet_rdma_error_comp which tried accessing the cq_context to obtain the queue. The cq_context is no longer valid after the fix to use shared CQ mechanism and should be obtained similar to how it is obtained in other functions from the wc->qp.

[ 905.786331] nvmet_rdma: SEND for CQE 0x00000000e3337f90 failed with status transport retry counter exceeded (12).
[ 905.832048] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
[ 905.839919] PGD 0 P4D 0
[ 905.842464] Oops: 0000 1 SMP NOPTI
[ 905.846144] CPU: 13 PID: 1557 Comm: kworker/13:1H Kdump: loaded Tainted: G OE --------- - - 4.18.0-304.el8.x86_64 #1
[ 905.872135] RIP: 0010:nvmet_rdma_error_comp+0x5/0x1b [nvmet_rdma]
[ 905.878259] Code: 19 4f c0 e8 89 b3 a5 f6 e9 5b e0 ff ff 0f b7 75 14 4c 89 ea 48 c7 c7 08 1a 4f c0 e8 71 b3 a5 f6 e9 4b e0 ff ff 0f 1f 44 00 00 <48> 8b 47 48 48 85 c0 74 08 48 89 c7 e9 98 bf 49 00 e9 c3 e3 ff ff
[ 905.897135] RSP: 0018:ffffab601c45fe28 EFLAGS: 00010246
[ 905.902387] RAX: 0000000000000065 RBX: ffff9e729ea2f800 RCX: 0000000000000000
[ 905.909558] RDX: 0000000000000000 RSI: ffff9e72df9567c8 RDI: 0000000000000000
[ 905.916731] RBP: ffff9e729ea2b400 R08: 000000000000074d R09: 0000000000000074
[ 905.923903] R10: 0000000000000000 R11: ffffab601c45fcc0 R12: 0000000000000010
[ 905.931074] R13: 0000000000000000 R14: 0000000000000010 R15: ffff9e729ea2f400
[ 905.938247] FS: 0000000000000000(0000) GS:ffff9e72df940000(0000) knlGS:0000000000000000
[ 905.938249] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 905.950067] nvmet_rdma: SEND for CQE 0x00000000c7356cca failed with status transport retry counter exceeded (12).
[ 905.961855] CR2: 0000000000000048 CR3: 000000678d010004 CR4: 00000000007706e0
[ 905.961855] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 905.961856] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 905.961857] PKRU: 55555554
[ 906.010315] Call Trace:
[ 906.012778] __ib_process_cq+0x89/0x170 [ib_core]
[ 906.017509] ib_cq_poll_work+0x26/0x80 [ib_core]
[ 906.022152] process_one_work+0x1a7/0x360
[ 906.026182] ? create_worker+0x1a0/0x1a0
[ 906.030123] worker_thread+0x30/0x390
[ 906.033802] ? create_worker+0x1a0/0x1a0
[ 906.037744] kthread+0x116/0x130
[ 906.040988] ? kthread_flush_work_fn+0x10/0x10
[ 906.045456] ret_from_fork+0x1f/0x40
AI Analysis
Technical Summary
CVE-2021-46983 is a vulnerability in the Linux kernel's nvmet-rdma subsystem, which handles RDMA (Remote Direct Memory Access) transport for NVMe over Fabrics. The flaw arises when the system processes SEND completions that end with an error, specifically a "transport retry counter exceeded" status. In this scenario, the error handling function nvmet_rdma_error_comp attempts to access the completion queue context (cq_context) to retrieve queue information. However, after a recent fix that introduced a shared completion queue mechanism, the cq_context pointer is no longer valid, and the queue should instead be obtained from the work completion's queue pair (wc->qp). Because this error path was not updated accordingly, it dereferences a NULL pointer, leading to a kernel oops and potential system crash.

The vulnerability manifests when network link disruptions cause retry errors during RDMA traffic, triggering the faulty error handling path. The kernel logs show a NULL pointer dereference at nvmet_rdma_error_comp, resulting in an unrecoverable kernel panic or crash. This vulnerability affects Linux kernel versions prior to the patch that corrected the pointer usage in nvmet_rdma_error_comp.

Exploitation requires the ability to generate RDMA traffic and induce link failures, which may be feasible in environments using NVMe over Fabrics with RDMA transports. Although no known exploits are reported in the wild, the vulnerability poses a risk of denial of service (DoS) through kernel crashes. The issue is specific to the Linux kernel's RDMA NVMe target implementation and impacts systems that use this storage networking technology.
Potential Impact
For European organizations, the impact of CVE-2021-46983 primarily involves potential denial of service conditions on critical storage infrastructure that relies on NVMe over Fabrics with RDMA. Enterprises and data centers using Linux-based storage servers or hyperconverged infrastructure with RDMA-enabled NVMe targets could experience kernel crashes leading to service interruptions, data unavailability, and operational disruptions. This can affect sectors with high storage performance demands such as financial services, telecommunications, cloud service providers, and research institutions. The vulnerability does not directly lead to data corruption or unauthorized access but can degrade system availability and reliability. Given the increasing adoption of RDMA technologies in European data centers for low-latency storage access, the risk of service outages due to this flaw is non-trivial. Organizations with large-scale Linux deployments in storage or HPC environments should be particularly vigilant. The absence of known exploits reduces immediate risk, but the potential for accidental or malicious triggering of the bug remains a concern for operational continuity.
Mitigation Recommendations
To mitigate CVE-2021-46983, European organizations should:
1) Apply the latest Linux kernel patches that address the nvmet-rdma NULL pointer dereference, ensuring their kernel versions include the fix for the shared completion queue pointer usage.
2) Conduct thorough testing of RDMA NVMe target functionality in staging environments before deploying updated kernels in production to avoid regressions.
3) Monitor kernel logs for nvmet_rdma error messages indicating transport retry counter exceeded events and kernel oops related to nvmet_rdma_error_comp to detect potential exploitation or triggering conditions.
4) Limit RDMA network access to trusted hosts and isolate RDMA fabrics to reduce the risk of induced link failures by unauthorized actors.
5) Implement robust network monitoring and link stability checks on RDMA fabrics to proactively identify and resolve link issues that could trigger the vulnerability.
6) Engage with Linux distribution vendors and storage hardware providers for coordinated updates and advisories.
7) Consider fallback or alternative storage networking configurations if immediate patching is not feasible, to maintain availability.
These steps go beyond generic advice by focusing on the specific RDMA NVMe target context and operational practices around RDMA fabrics.
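The kernel-log monitoring recommended in step 3, sketched as an added example that is not part of the original advisory or of any vendor tooling: it scans dmesg-style text for failed nvmet_rdma SEND completions and for a NULL-dereference oops whose RIP is nvmet_rdma_error_comp, and flags whether the oops followed a SEND error. The sample log is constructed (abridged from the oops format shown above); the function name `scan` and the 5-second correlation window are assumptions.

```python
import re

# Constructed sample, in the log format shown in the advisory's oops (abridged).
SAMPLE_DMESG = """\
[  905.786331] nvmet_rdma: SEND for CQE 0x00000000e3337f90 failed with status transport retry counter exceeded (12).
[  905.832048] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
[  905.846144] CPU: 13 PID: 1557 Comm: kworker/13:1H Kdump: loaded Tainted: G OE
[  905.872135] RIP: 0010:nvmet_rdma_error_comp+0x5/0x1b [nvmet_rdma]
[  905.950067] nvmet_rdma: SEND for CQE 0x00000000c7356cca failed with status transport retry counter exceeded (12).
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
SEND_FAIL = re.compile(r"nvmet_rdma: SEND for CQE \S+ failed with status (.+?) \((\d+)\)")
# Older kernels print "... dereference at ADDR"; newer ones "... dereference, address: ADDR".
NULL_BUG = re.compile(r"BUG: (?:unable to handle )?kernel NULL pointer dereference"
                      r"(?: at|, address:) ([0-9a-fA-F]+)")
RIP = re.compile(r"RIP: \w+:(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def scan(text, window=5.0):
    """Return SEND-error events and NULL-deref oopses whose RIP is nvmet_rdma_error_comp."""
    findings, last_send, pending = [], None, None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        if s := SEND_FAIL.search(msg):
            last_send = ts
            findings.append({"kind": "send_error", "ts": ts,
                             "status": s.group(1), "code": int(s.group(2))})
        elif b := NULL_BUG.search(msg):
            # Hold the BUG line until the RIP line names the faulting function.
            pending = {"ts": ts, "fault_addr": int(b.group(1), 16)}
        elif pending and (r := RIP.search(msg)):
            if r.group(1) == "nvmet_rdma_error_comp":
                findings.append({
                    "kind": "crash", **pending,
                    # True when a failed SEND was logged shortly before the oops.
                    "after_send_error": last_send is not None
                                        and 0 <= pending["ts"] - last_send <= window})
            pending = None
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_DMESG):
        print(finding)
```

A "send_error" finding on its own is a link-stability warning on any kernel; a "crash" finding indicates the host is still running a kernel without the fix.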
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-27T18:42:55.946Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9834c4522896dcbe999e
Added to database: 5/21/2025, 9:09:08 AM
Last enriched: 6/30/2025, 6:40:35 PM
Last updated: 8/7/2025, 10:25:38 PM