
CVE-2021-47185: Vulnerability in Linux Linux

Medium
Published: Wed Apr 10 2024 (04/10/2024, 18:56:25 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc

When running ltp testcase (ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which looks like this one:

    Workqueue: events_unbound flush_to_ldisc
    Call trace:
     dump_backtrace+0x0/0x1ec
     show_stack+0x24/0x30
     dump_stack+0xd0/0x128
     panic+0x15c/0x374
     watchdog_timer_fn+0x2b8/0x304
     __run_hrtimer+0x88/0x2c0
     __hrtimer_run_queues+0xa4/0x120
     hrtimer_interrupt+0xfc/0x270
     arch_timer_handler_phys+0x40/0x50
     handle_percpu_devid_irq+0x94/0x220
     __handle_domain_irq+0x88/0xf0
     gic_handle_irq+0x84/0xfc
     el1_irq+0xc8/0x180
     slip_unesc+0x80/0x214 [slip]
     tty_ldisc_receive_buf+0x64/0x80
     tty_port_default_receive_buf+0x50/0x90
     flush_to_ldisc+0xbc/0x110
     process_one_work+0x1d4/0x4b0
     worker_thread+0x180/0x430
     kthread+0x11c/0x120

In the testcase pty04, the first process calls the write syscall to send data to the pty master. At the same time, the workqueue will do the flush_to_ldisc to pop data in a loop until there is no more data left. When the sender and workqueue are running on different cores, the sender sends data fastly in full time, which will result in the workqueue doing work in a loop for a long time and a softlockup occurring in flush_to_ldisc with a kernel configured without preempt. So I add a need_resched check and cond_resched in the flush_to_ldisc loop to avoid it.

AI-Powered Analysis

Last updated: 06/26/2025, 17:52:34 UTC

Technical Analysis

CVE-2021-47185 is a vulnerability in the Linux kernel's tty subsystem, in the function flush_to_ldisc. It manifests as a soft lockup while pseudo-terminal (pty) data is being processed, particularly on ARM64 architectures.

The condition arises when a process writes data rapidly to the pty master device while a kernel workqueue concurrently runs flush_to_ldisc to pop data from the buffer. If the two run on different CPU cores and the kernel is configured without preemption, the workqueue can stay in its loop for a long time without yielding the CPU, causing a soft lockup. The flush_to_ldisc loop contains no scheduling checks, so the kernel watchdog detects a hung state and triggers a panic. The root cause is the absence of need_resched and cond_resched calls in that loop; these calls give the scheduler a point at which it can run other tasks, which prevents CPU starvation.

The vulnerability was identified through the Linux Test Project (LTP) testcase pty04.c, which reproduces this condition. The fix adds the scheduling checks to the flush_to_ldisc loop so that the kernel can reschedule tasks and avoid the soft lockup.

The CVSS score is 4.4 (medium severity): the vulnerability requires local access with high privileges and does not affect confidentiality or integrity, but it affects availability by causing denial of service through a kernel panic or soft lockup. There are no known exploits in the wild, and the vulnerability primarily affects ARM64 Linux kernel configurations without preemption enabled.

Potential Impact

For European organizations, the primary impact of CVE-2021-47185 is a potential denial of service (DoS) condition on Linux systems running ARM64 architectures without kernel preemption enabled. This could lead to system instability or crashes, affecting availability of critical services, especially in environments relying on ARM64 servers or embedded devices. While the vulnerability does not compromise data confidentiality or integrity, the disruption caused by kernel panics or soft lockups can impact operational continuity. Industries in Europe that deploy ARM64-based Linux systems for telecommunications, IoT infrastructure, or edge computing may be particularly vulnerable. Additionally, organizations using Linux-based virtualization or container platforms on ARM64 hardware could experience service interruptions. The requirement for local high-privileged access limits the risk from remote attackers but raises concerns about insider threats or compromised accounts. Given the increasing adoption of ARM64 in data centers and cloud environments across Europe, this vulnerability could affect availability of services if unpatched kernels are in use.

Mitigation Recommendations

To mitigate CVE-2021-47185, European organizations should:

1) Apply the latest Linux kernel patches that include the fix adding need_resched and cond_resched calls in flush_to_ldisc to prevent soft lockups.
2) Review kernel configurations to ensure preemption is enabled where feasible, reducing the risk of CPU starvation in workqueues.
3) Monitor ARM64 Linux systems for signs of soft lockups or kernel panics related to tty subsystem activity, especially under high load or rapid pty data transmission scenarios.
4) Limit local high-privileged access to trusted users and implement strict access controls to prevent exploitation by insiders or compromised accounts.
5) Conduct testing of critical applications and workloads on patched kernels to validate stability and performance.
6) For embedded or IoT devices running affected kernels, coordinate with vendors for firmware updates or mitigations.
7) Employ system monitoring and alerting for kernel watchdog events that may indicate attempts to trigger this vulnerability.

These steps go beyond generic advice by focusing on kernel configuration, access control, and proactive monitoring tailored to the nature of this vulnerability.
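An added example, not part of the original page or of the kernel project: one way to act on recommendations 2, 3 and 7 is to scan kernel log text for soft-lockup reports whose trace includes flush_to_ldisc, and to read the preemption model from a kernel config. The function names, the 60-line window, the log header lines, timestamps and the second report are constructed for illustration; the symbols in the first report come from the call trace in the description.

```python
import re

# Header printed by the kernel soft-lockup watchdog.
LOCKUP_RE = re.compile(r"BUG: soft lockup - CPU#(\d+) stuck for (\d+)s! \[([^\]]+)\]")
# Exactly one preemption model is normally set to =y in a kernel config.
PREEMPT_RE = re.compile(r"^CONFIG_(PREEMPT_NONE|PREEMPT_VOLUNTARY|PREEMPT)=y$", re.M)
WINDOW = 60  # assumption: a report's trace fits in this many following lines


def find_tty_lockups(log_text, marker="flush_to_ldisc"):
    """Return soft-lockup reports whose following trace lines mention `marker`."""
    reports, current, age = [], None, 0
    for line in log_text.splitlines():
        m = LOCKUP_RE.search(line)
        if m:  # a new report starts; later lines belong to it
            current = {"cpu": int(m.group(1)), "seconds": int(m.group(2)),
                       "task": m.group(3), "hit": False}
            reports.append(current)
            age = 0
            continue
        age += 1
        if current is not None and age <= WINDOW and marker in line:
            current["hit"] = True
    return [r for r in reports if r["hit"]]


def preemption_model(config_text):
    """Name the preemption model selected in a kernel .config, if any."""
    m = PREEMPT_RE.search(config_text)
    return m.group(1) if m else "unknown"


# Constructed sample: header lines, timestamps and the second report are made up.
SAMPLE_LOG = """\
[ 812.104] watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [kworker/u8:2:123]
[ 812.105] Workqueue: events_unbound flush_to_ldisc
[ 812.106]  slip_unesc+0x80/0x214 [slip]
[ 812.107]  tty_ldisc_receive_buf+0x64/0x80
[ 812.108]  flush_to_ldisc+0xbc/0x110
[ 990.311] watchdog: BUG: soft lockup - CPU#3 stuck for 23s! [example_task:456]
[ 990.312]  example_busy_loop+0x10/0x40
"""
SAMPLE_CONFIG = ("CONFIG_PREEMPT_NONE=y\n# CONFIG_PREEMPT_VOLUNTARY is not set\n"
                 "# CONFIG_PREEMPT is not set\n")

if __name__ == "__main__":
    for r in find_tty_lockups(SAMPLE_LOG):
        print(f"CPU{r['cpu']} stuck {r['seconds']}s in {r['task']}: flush_to_ldisc in trace")
    print("preemption model:", preemption_model(SAMPLE_CONFIG))
```

On a live system the log text would come from the kernel log and the config text from the running kernel's config file; a PREEMPT_NONE result on an unpatched kernel matches the configuration the description calls "without preempt".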


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-03-25T09:12:14.113Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9835c4522896dcbe9fbe

Added to database: 5/21/2025, 9:09:09 AM

Last enriched: 6/26/2025, 5:52:34 PM

Last updated: 7/28/2025, 9:14:45 PM
