
CVE-2021-47076: Vulnerability in Linux Linux

High
Published: Fri Mar 01 2024 (03/01/2024, 21:15:13 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Return CQE error if invalid lkey was supplied

RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitly wrong lkey.

    [leonro@vm ~]$ mkt test
    test_atomic_invalid_lkey (tests.test_atomic.AtomicTest) ...
    WARNING: CPU: 5 PID: 263 at drivers/infiniband/sw/rxe/rxe_comp.c:740 rxe_completer+0x1a6d/0x2e30 [rdma_rxe]
    Modules linked in: crc32_generic rdma_rxe ip6_udp_tunnel udp_tunnel rdma_ucm rdma_cm ib_umad ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5_core ptp pps_core
    CPU: 5 PID: 263 Comm: python3 Not tainted 5.13.0-rc1+ #2936
    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
    RIP: 0010:rxe_completer+0x1a6d/0x2e30 [rdma_rxe]
    Code: 03 0f 8e 65 0e 00 00 3b 93 10 06 00 00 0f 84 82 0a 00 00 4c 89 ff 4c 89 44 24 38 e8 2d 74 a9 e1 4c 8b 44 24 38 e9 1c f5 ff ff <0f> 0b e9 0c e8 ff ff b8 05 00 00 00 41 bf 05 00 00 00 e9 ab e7 ff
    RSP: 0018:ffff8880158af090 EFLAGS: 00010246
    RAX: 0000000000000000 RBX: ffff888016a78000 RCX: ffffffffa0cf1652
    RDX: 1ffff9200004b442 RSI: 0000000000000004 RDI: ffffc9000025a210
    RBP: dffffc0000000000 R08: 00000000ffffffea R09: ffff88801617740b
    R10: ffffed1002c2ee81 R11: 0000000000000007 R12: ffff88800f3b63e8
    R13: ffff888016a78008 R14: ffffc9000025a180 R15: 000000000000000c
    FS: 00007f88b622a740(0000) GS:ffff88806d540000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007f88b5a1fa10 CR3: 000000000d848004 CR4: 0000000000370ea0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
     rxe_do_task+0x130/0x230 [rdma_rxe]
     rxe_rcv+0xb11/0x1df0 [rdma_rxe]
     rxe_loopback+0x157/0x1e0 [rdma_rxe]
     rxe_responder+0x5532/0x7620 [rdma_rxe]
     rxe_do_task+0x130/0x230 [rdma_rxe]
     rxe_rcv+0x9c8/0x1df0 [rdma_rxe]
     rxe_loopback+0x157/0x1e0 [rdma_rxe]
     rxe_requester+0x1efd/0x58c0 [rdma_rxe]
     rxe_do_task+0x130/0x230 [rdma_rxe]
     rxe_post_send+0x998/0x1860 [rdma_rxe]
     ib_uverbs_post_send+0xd5f/0x1220 [ib_uverbs]
     ib_uverbs_write+0x847/0xc80 [ib_uverbs]
     vfs_write+0x1c5/0x840
     ksys_write+0x176/0x1d0
     do_syscall_64+0x3f/0x80
     entry_SYSCALL_64_after_hwframe+0x44/0xae

AI-Powered Analysis

Last updated: 06/30/2025, 20:57:50 UTC

Technical Analysis

CVE-2021-47076 is a vulnerability in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically in the RXE driver (the rdma_rxe module, a software implementation of RDMA over Converged Ethernet). RXE does not update the status of a Work Queue Element (WQE) when a LOCAL_WRITE access fails because an invalid local key (lkey) was supplied with an atomic operation. As a result, an atomic operation posted with an explicitly wrong lkey leads to a kernel panic. The problem surfaces in rxe_completer: error handling for the invalid lkey is insufficient, so the completer processes a WQE whose status was never updated, leaving the kernel in an inconsistent state. The trace in the description shows the WARNING raised at drivers/infiniband/sw/rxe/rxe_comp.c:740 in rxe_completer while an RDMA atomic operation was being processed; in that trace the operation was posted by a local python3 test process through ib_uverbs_post_send and delivered via rxe_loopback.

The vulnerability affects Linux kernel versions prior to the patch and is particularly relevant for systems using RDMA over Ethernet, which is commonly found in high-performance computing clusters, data centers, and enterprise environments that require fast, low-latency inter-node communication.

No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability was published on March 1, 2024, and is confirmed by the Linux project with enriched information from CISA. The root cause is the missing update of WQE status on LOCAL_WRITE failures, which can be triggered remotely if an attacker can send crafted RDMA atomic operations with invalid lkeys, leading to denial of service via kernel panic.

Potential Impact

For European organizations, the impact of CVE-2021-47076 can be significant in environments where Linux servers are deployed with RDMA over Converged Ethernet capabilities. This includes data centers, cloud service providers, research institutions, and enterprises relying on high-performance computing clusters. The primary impact is a denial of service (DoS) condition caused by kernel panics, which can disrupt critical services, degrade system availability, and potentially cause cascading failures in clustered environments. While this vulnerability does not appear to allow privilege escalation or remote code execution directly, the forced system crashes can interrupt business operations, leading to downtime and potential data processing delays. Organizations in sectors such as finance, telecommunications, scientific research, and cloud infrastructure providers in Europe could face operational disruptions if their Linux systems with RDMA are targeted. Additionally, the complexity of RDMA deployments means that recovery from such crashes might require manual intervention, increasing operational costs and response times. Since no known exploits are in the wild, the immediate risk is moderate, but the presence of this vulnerability in critical infrastructure components necessitates prompt mitigation to avoid potential exploitation.

Mitigation Recommendations

To mitigate CVE-2021-47076, European organizations should:

1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available from trusted sources or Linux distributions.
2) For environments where immediate patching is not feasible, consider disabling the RXE driver or RDMA over Ethernet functionality if it is not essential to operations, thereby eliminating the attack surface.
3) Implement strict network segmentation and access controls to limit exposure of RDMA-capable interfaces to untrusted or external networks, reducing the likelihood of malicious atomic operation injections.
4) Monitor kernel logs and system behavior for signs of unexpected kernel panics or RDMA subsystem errors, enabling early detection of potential exploitation attempts.
5) Engage with hardware and software vendors to ensure compatibility and support for patched kernels, especially in complex HPC or data center environments.
6) Conduct thorough testing of RDMA-dependent applications post-patching to verify stability and performance, ensuring that mitigations do not adversely affect critical workloads.

These steps go beyond generic advice by focusing on the specific RDMA subsystem and operational considerations unique to affected Linux environments.
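
The kernel-log monitoring recommended above, as an added example (not part of the original page or of the kernel project): a Python triage helper that scans kernel log text for WARNINGs raised inside rdma_rxe and reports the faulting site, the posting process, and whether the trace shows local submission through ib_uverbs and loopback delivery. The sample log is abridged from the trace in the Description; the helper name and the output fields are assumptions of this example.

```python
import re

# Constructed sample: lines abridged from the trace in the Description above.
SAMPLE_LOG = """\
WARNING: CPU: 5 PID: 263 at drivers/infiniband/sw/rxe/rxe_comp.c:740 rxe_completer+0x1a6d/0x2e30 [rdma_rxe]
CPU: 5 PID: 263 Comm: python3 Not tainted 5.13.0-rc1+ #2936
RIP: 0010:rxe_completer+0x1a6d/0x2e30 [rdma_rxe]
Call Trace:
 rxe_do_task+0x130/0x230 [rdma_rxe]
 rxe_rcv+0xb11/0x1df0 [rdma_rxe]
 rxe_loopback+0x157/0x1e0 [rdma_rxe]
 rxe_post_send+0x998/0x1860 [rdma_rxe]
 ib_uverbs_post_send+0xd5f/0x1220 [ib_uverbs]
"""

HEAD = re.compile(r"WARNING: CPU: \d+ PID: (?P<pid>\d+) at (?P<site>\S+/rxe/\S+:\d+) "
                  r"(?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[rdma_rxe\]")
COMM = re.compile(r"Comm: (\S+)")
# One stack frame, tolerating a dmesg/journal prefix and the "? " marker.
FRAME = re.compile(r"(?:^|\s)(?:\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[\w+\])?\s*$")

def find_rxe_warnings(log_text):
    """Return one dict per WARNING raised inside rdma_rxe (hypothetical helper)."""
    findings, cur, in_trace = [], None, False
    for line in log_text.splitlines():
        head = HEAD.search(line)
        if head:
            cur = {**head.groupdict(), "comm": None, "frames": []}
            findings.append(cur)
            in_trace = False
        elif cur is None:
            continue
        elif "end trace" in line:
            cur = None
        elif "Call Trace:" in line:
            in_trace = True
        elif in_trace and FRAME.search(line):
            cur["frames"].append(FRAME.search(line).group(1))
        elif cur["comm"] is None and COMM.search(line):
            cur["comm"] = COMM.search(line).group(1)
    for f in findings:
        # ib_uverbs_post_send: posted by a local process; rxe_loopback: same-host delivery.
        f["local_submit"] = "ib_uverbs_post_send" in f["frames"]
        f["loopback"] = "rxe_loopback" in f["frames"]
    return findings

if __name__ == "__main__":
    for f in find_rxe_warnings(SAMPLE_LOG):
        print({k: v for k, v in f.items() if k != "frames"})
```

Feed it the output of `dmesg` or `journalctl -k`; a finding with `local_submit` false means the WARNING was reached from the receive path rather than from a local verbs call, which is the case the network-segmentation step is meant to limit.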


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-29T22:33:44.297Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9834c4522896dcbe9c4c

Added to database: 5/21/2025, 9:09:08 AM

Last enriched: 6/30/2025, 8:57:50 PM

Last updated: 8/4/2025, 6:34:11 AM
