CVE-2021-47256: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: make sure wait for page writeback in memory_failure Our syzkaller trigger the "BUG_ON(!list_empty(&inode->i_wb_list))" in clear_inode: kernel BUG at fs/inode.c:519! Internal error: Oops - BUG: 0 [#1] SMP Modules linked in: Process syz-executor.0 (pid: 249, stack limit = 0x00000000a12409d7) CPU: 1 PID: 249 Comm: syz-executor.0 Not tainted 4.19.95 Hardware name: linux,dummy-virt (DT) pstate: 80000005 (Nzcv daif -PAN -UAO) pc : clear_inode+0x280/0x2a8 lr : clear_inode+0x280/0x2a8 Call trace: clear_inode+0x280/0x2a8 ext4_clear_inode+0x38/0xe8 ext4_free_inode+0x130/0xc68 ext4_evict_inode+0xb20/0xcb8 evict+0x1a8/0x3c0 iput+0x344/0x460 do_unlinkat+0x260/0x410 __arm64_sys_unlinkat+0x6c/0xc0 el0_svc_common+0xdc/0x3b0 el0_svc_handler+0xf8/0x160 el0_svc+0x10/0x218 Kernel panic - not syncing: Fatal exception A crash dump of this problem show that someone called __munlock_pagevec to clear page LRU without lock_page: do_mmap -> mmap_region -> do_munmap -> munlock_vma_pages_range -> __munlock_pagevec. As a result memory_failure will call identify_page_state without wait_on_page_writeback. And after truncate_error_page clear the mapping of this page. end_page_writeback won't call sb_clear_inode_writeback to clear inode->i_wb_list. That will trigger BUG_ON in clear_inode! Fix it by checking PageWriteback too to help determine should we skip wait_on_page_writeback.
AI Analysis
Technical Summary
CVE-2021-47256 is a vulnerability in the Linux kernel related to the memory failure handling mechanism within the mm/memory-failure subsystem. The issue arises from improper synchronization when waiting for page writeback during memory failure processing. Specifically, the vulnerability is triggered when the kernel function memory_failure calls identify_page_state without properly waiting on page writeback, due to a missing check for the PageWriteback flag. This leads to a scenario where after truncate_error_page clears the mapping of a page, the end_page_writeback function does not invoke sb_clear_inode_writeback to clear the inode's i_wb_list. Consequently, the inode's writeback list remains non-empty, triggering a kernel BUG_ON assertion failure in clear_inode, which results in a kernel panic and system crash. The root cause is a race condition where __munlock_pagevec clears page LRU entries without holding the necessary page locks, causing inconsistent page state transitions. This vulnerability was discovered through syzkaller fuzzing and affects Linux kernel versions prior to the fix. The patch involves adding a check for the PageWriteback flag to ensure wait_on_page_writeback is correctly called, preventing the race condition and subsequent kernel panic. This vulnerability can cause denial of service by crashing the system unexpectedly, impacting system stability and availability.
Potential Impact
For European organizations, this vulnerability poses a significant risk primarily in environments running vulnerable Linux kernel versions, especially in servers, cloud infrastructure, and embedded devices. The kernel panic induced by this flaw leads to immediate system crashes, causing denial of service (DoS). This can disrupt critical business operations, particularly for industries relying on Linux-based systems for web hosting, data centers, telecommunications, and industrial control systems. The inability to maintain system uptime can result in financial losses, operational delays, and damage to reputation. Additionally, while no known exploits are reported in the wild, the vulnerability's nature allows for potential exploitation by local users or attackers with the ability to trigger memory failure conditions, possibly through crafted workloads or malicious software. This elevates the risk in multi-tenant environments such as cloud providers and shared hosting services prevalent in Europe. The vulnerability does not appear to allow privilege escalation or data leakage directly but compromises system availability, which is critical for compliance with European data protection and operational resilience regulations.
Mitigation Recommendations
European organizations should prioritize patching affected Linux kernel versions as soon as updates are available from their Linux distribution vendors. Since the vulnerability involves kernel memory management internals, applying vendor-supplied kernel patches is the most effective mitigation. In environments where immediate patching is not feasible, organizations should implement strict access controls to limit untrusted users' ability to execute code or workloads that could trigger memory failure conditions. Monitoring kernel logs for BUG_ON or Oops messages related to inode writeback or memory failure can help detect attempted exploitation. Additionally, deploying kernel hardening features such as Kernel Address Space Layout Randomization (KASLR), Control Flow Integrity (CFI), and enabling kernel lockdown modes can reduce the attack surface. For cloud and virtualized environments, isolating workloads and applying resource limits can mitigate the risk of triggering this vulnerability. Regularly auditing and updating system software, combined with robust incident response plans for kernel panics, will further reduce operational impact.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
CVE-2021-47256: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: make sure wait for page writeback in memory_failure Our syzkaller trigger the "BUG_ON(!list_empty(&inode->i_wb_list))" in clear_inode: kernel BUG at fs/inode.c:519! Internal error: Oops - BUG: 0 [#1] SMP Modules linked in: Process syz-executor.0 (pid: 249, stack limit = 0x00000000a12409d7) CPU: 1 PID: 249 Comm: syz-executor.0 Not tainted 4.19.95 Hardware name: linux,dummy-virt (DT) pstate: 80000005 (Nzcv daif -PAN -UAO) pc : clear_inode+0x280/0x2a8 lr : clear_inode+0x280/0x2a8 Call trace: clear_inode+0x280/0x2a8 ext4_clear_inode+0x38/0xe8 ext4_free_inode+0x130/0xc68 ext4_evict_inode+0xb20/0xcb8 evict+0x1a8/0x3c0 iput+0x344/0x460 do_unlinkat+0x260/0x410 __arm64_sys_unlinkat+0x6c/0xc0 el0_svc_common+0xdc/0x3b0 el0_svc_handler+0xf8/0x160 el0_svc+0x10/0x218 Kernel panic - not syncing: Fatal exception A crash dump of this problem show that someone called __munlock_pagevec to clear page LRU without lock_page: do_mmap -> mmap_region -> do_munmap -> munlock_vma_pages_range -> __munlock_pagevec. As a result memory_failure will call identify_page_state without wait_on_page_writeback. And after truncate_error_page clear the mapping of this page. end_page_writeback won't call sb_clear_inode_writeback to clear inode->i_wb_list. That will trigger BUG_ON in clear_inode! Fix it by checking PageWriteback too to help determine should we skip wait_on_page_writeback.
AI-Powered Analysis
Technical Analysis
CVE-2021-47256 is a vulnerability in the Linux kernel related to the memory failure handling mechanism within the mm/memory-failure subsystem. The issue arises from improper synchronization when waiting for page writeback during memory failure processing. Specifically, the vulnerability is triggered when the kernel function memory_failure calls identify_page_state without properly waiting on page writeback, due to a missing check for the PageWriteback flag. This leads to a scenario where after truncate_error_page clears the mapping of a page, the end_page_writeback function does not invoke sb_clear_inode_writeback to clear the inode's i_wb_list. Consequently, the inode's writeback list remains non-empty, triggering a kernel BUG_ON assertion failure in clear_inode, which results in a kernel panic and system crash. The root cause is a race condition where __munlock_pagevec clears page LRU entries without holding the necessary page locks, causing inconsistent page state transitions. This vulnerability was discovered through syzkaller fuzzing and affects Linux kernel versions prior to the fix. The patch involves adding a check for the PageWriteback flag to ensure wait_on_page_writeback is correctly called, preventing the race condition and subsequent kernel panic. This vulnerability can cause denial of service by crashing the system unexpectedly, impacting system stability and availability.
Potential Impact
For European organizations, this vulnerability poses a significant risk primarily in environments running vulnerable Linux kernel versions, especially in servers, cloud infrastructure, and embedded devices. The kernel panic induced by this flaw leads to immediate system crashes, causing denial of service (DoS). This can disrupt critical business operations, particularly for industries relying on Linux-based systems for web hosting, data centers, telecommunications, and industrial control systems. The inability to maintain system uptime can result in financial losses, operational delays, and damage to reputation. Additionally, while no known exploits are reported in the wild, the vulnerability's nature allows for potential exploitation by local users or attackers with the ability to trigger memory failure conditions, possibly through crafted workloads or malicious software. This elevates the risk in multi-tenant environments such as cloud providers and shared hosting services prevalent in Europe. The vulnerability does not appear to allow privilege escalation or data leakage directly but compromises system availability, which is critical for compliance with European data protection and operational resilience regulations.
Mitigation Recommendations
European organizations should prioritize patching affected Linux kernel versions as soon as updates are available from their Linux distribution vendors. Since the vulnerability involves kernel memory management internals, applying vendor-supplied kernel patches is the most effective mitigation. In environments where immediate patching is not feasible, organizations should implement strict access controls to limit untrusted users' ability to execute code or workloads that could trigger memory failure conditions. Monitoring kernel logs for BUG_ON or Oops messages related to inode writeback or memory failure can help detect attempted exploitation. Additionally, deploying kernel hardening features such as Kernel Address Space Layout Randomization (KASLR), Control Flow Integrity (CFI), and enabling kernel lockdown modes can reduce the attack surface. For cloud and virtualized environments, isolating workloads and applying resource limits can mitigate the risk of triggering this vulnerability. Regularly auditing and updating system software, combined with robust incident response plans for kernel panics, will further reduce operational impact.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-04-10T18:59:19.540Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9835c4522896dcbea1e2
Added to database: 5/21/2025, 9:09:09 AM
Last enriched: 6/26/2025, 2:20:54 PM
Last updated: 8/12/2025, 2:02:08 PM
Views: 9
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.