CVE-2021-47271: Vulnerability in Linux Linux

Medium
Published: Tue May 21 2024 (05/21/2024, 14:20:00 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: cdnsp: Fix deadlock issue in cdnsp_thread_irq_handler

Patch fixes the following critical issue caused by deadlock which has been detected during testing NCM class:

    smp: csd: Detected non-responsive CSD lock (#1) on CPU#0
    smp: csd: CSD lock (#1) unresponsive.
    ....
    RIP: 0010:native_queued_spin_lock_slowpath+0x61/0x1d0
    RSP: 0018:ffffbc494011cde0 EFLAGS: 00000002
    RAX: 0000000000000101 RBX: ffff9ee8116b4a68 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9ee8116b4658
    RBP: ffffbc494011cde0 R08: 0000000000000001 R09: 0000000000000000
    R10: ffff9ee8116b4670 R11: 0000000000000000 R12: ffff9ee8116b4658
    R13: ffff9ee8116b4670 R14: 0000000000000246 R15: ffff9ee8116b4658
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007f7bcc41a830 CR3: 000000007a612003 CR4: 00000000001706e0
    Call Trace:
     <IRQ>
     do_raw_spin_lock+0xc0/0xd0
     _raw_spin_lock_irqsave+0x95/0xa0
     cdnsp_gadget_ep_queue.cold+0x88/0x107 [cdnsp_udc_pci]
     usb_ep_queue+0x35/0x110
     eth_start_xmit+0x220/0x3d0 [u_ether]
     ncm_tx_timeout+0x34/0x40 [usb_f_ncm]
     ? ncm_free_inst+0x50/0x50 [usb_f_ncm]
     __hrtimer_run_queues+0xac/0x440
     hrtimer_run_softirq+0x8c/0xb0
     __do_softirq+0xcf/0x428
     asm_call_irq_on_stack+0x12/0x20
     </IRQ>
     do_softirq_own_stack+0x61/0x70
     irq_exit_rcu+0xc1/0xd0
     sysvec_apic_timer_interrupt+0x52/0xb0
     asm_sysvec_apic_timer_interrupt+0x12/0x20
    RIP: 0010:do_raw_spin_trylock+0x18/0x40
    RSP: 0018:ffffbc494138bda8 EFLAGS: 00000246
    RAX: 0000000000000000 RBX: ffff9ee8116b4658 RCX: 0000000000000000
    RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9ee8116b4658
    RBP: ffffbc494138bda8 R08: 0000000000000001 R09: 0000000000000000
    R10: ffff9ee8116b4670 R11: 0000000000000000 R12: ffff9ee8116b4658
    R13: ffff9ee8116b4670 R14: ffff9ee7b5c73d80 R15: ffff9ee8116b4000
     _raw_spin_lock+0x3d/0x70
     ? cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci]
     cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci]
     ? cdnsp_remove_request+0x1f0/0x1f0 [cdnsp_udc_pci]
     ? cdnsp_thread_irq_handler+0x5/0xa0 [cdnsp_udc_pci]
     ? irq_thread+0xa0/0x1c0
     irq_thread_fn+0x28/0x60
     irq_thread+0x105/0x1c0
     ? __kthread_parkme+0x42/0x90
     ? irq_forced_thread_fn+0x90/0x90
     ? wake_threads_waitq+0x30/0x30
     ? irq_thread_check_affinity+0xe0/0xe0
     kthread+0x12a/0x160
     ? kthread_park+0x90/0x90
     ret_from_fork+0x22/0x30

The root cause of the issue is the spin_lock/spin_unlock instruction instead of spin_lock_irqsave/spin_lock_irqrestore in the cdnsp_thread_irq_handler function.

AI-Powered Analysis

Last updated: 06/26/2025, 12:21:23 UTC

Technical Analysis

CVE-2021-47271 is a medium-severity vulnerability in the Linux kernel, specifically in the USB subsystem's cdnsp (Cadence USB Device Controller) driver. The issue arises from improper locking in the cdnsp_thread_irq_handler function, which calls spin_lock and spin_unlock instead of the safer spin_lock_irqsave and spin_unlock_irqrestore variants. This leads to a deadlock during interrupt handling, particularly when processing USB Network Control Model (NCM) class devices. The deadlock manifests as a non-responsive CSD (call single data) lock on CPU#0, causing the affected CPU to hang and become unresponsive.

The kernel stack traces provided indicate that the deadlock occurs during attempts to acquire spinlocks in interrupt context. This matters because spin_lock_irqsave disables local interrupts to prevent deadlocks, whereas spin_lock does not, leading to potential lock contention and system hangs. In the trace, the threaded handler is interrupted inside _raw_spin_lock by a timer softirq (ncm_tx_timeout) that calls cdnsp_gadget_ep_queue, which then spins in _raw_spin_lock_irqsave on the same CPU.

This vulnerability does not impact confidentiality or integrity directly but severely affects system availability by causing kernel hangs or crashes. The vulnerability affects Linux kernel versions identified by the commit hash 3d82904559f4f5a2622db1b21de3edf2eded7664 and likely other versions containing the flawed cdnsp driver code. No known exploits are reported in the wild, but the nature of the bug suggests it could be triggered by malicious or malformed USB NCM devices or drivers interacting with the cdnsp driver. The CVSS v3.1 score is 5.5 (medium), reflecting the local attack vector, low complexity, low privileges required, no user interaction, and impact limited to availability. The root cause is a programming error in kernel interrupt handling and locking, which has been patched by replacing spin_lock/spin_unlock with spin_lock_irqsave/spin_unlock_irqrestore to properly manage interrupt states during locking.

Potential Impact

For European organizations, the primary impact of CVE-2021-47271 is on system availability and stability, particularly for systems running Linux kernels with the vulnerable cdnsp USB driver enabled. This is especially relevant for organizations using embedded Linux devices, network appliances, or industrial control systems that rely on USB NCM class devices for network connectivity. A successful exploitation could cause system hangs or kernel panics, leading to denial of service conditions. This could disrupt critical infrastructure, manufacturing processes, or enterprise network operations. Since the vulnerability requires local access or physical proximity to connect a malicious USB device, the risk is higher in environments where USB devices are frequently connected or where endpoint security is lax. The vulnerability does not expose data confidentiality or integrity directly but can cause operational downtime, which may have cascading effects on business continuity and service availability. European sectors such as manufacturing, telecommunications, and critical infrastructure that use Linux-based embedded systems or network devices are particularly at risk. Additionally, organizations with remote or on-site Linux servers that accept USB connections for maintenance or data transfer should be cautious. The lack of known exploits reduces immediate risk, but the medium severity and potential for denial of service warrant prompt attention.

Mitigation Recommendations

To mitigate CVE-2021-47271, European organizations should:

1) Apply the official Linux kernel patches that replace the improper spin_lock/spin_unlock calls with spin_lock_irqsave/spin_unlock_irqrestore in the cdnsp_thread_irq_handler function. This is the definitive fix to prevent the deadlock.
2) For systems where patching the kernel is not immediately feasible, consider disabling or unloading the cdnsp USB driver module if it is not required, thereby eliminating the attack surface.
3) Implement strict USB device control policies, including whitelisting authorized USB devices and restricting physical access to USB ports, to reduce the risk of malicious USB device insertion.
4) Monitor system logs and kernel messages for signs of deadlocks, kernel panics, or unusual USB device behavior that could indicate attempted exploitation.
5) For embedded or industrial Linux devices, coordinate with device vendors to ensure firmware and kernel updates include the fix.
6) Incorporate this vulnerability into vulnerability management and patching schedules, prioritizing systems with cdnsp driver usage.
7) Educate IT and security staff about the risks of USB-based attacks and the importance of applying kernel updates promptly.

These targeted measures go beyond generic advice by focusing on the specific driver and usage context of the vulnerability.
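For the log monitoring in step 4, the following is an added example (not code from the original page or from the kernel project) that scans kernel log text for the lock pattern shown in the description's trace. The function names and the sample log are constructed for illustration; the sample reuses frames quoted in the description, with timestamps added.

```python
import re

# Constructed sample: a shortened kernel log assembled from frames quoted in
# the CVE description (register dumps and several frames omitted).
SAMPLE_LOG = """\
[  412.100001] smp: csd: Detected non-responsive CSD lock (#1) on CPU#0
[  412.100002] Call Trace:
[  412.100003]  <IRQ>
[  412.100004]  _raw_spin_lock_irqsave+0x95/0xa0
[  412.100005]  cdnsp_gadget_ep_queue.cold+0x88/0x107 [cdnsp_udc_pci]
[  412.100006]  ncm_tx_timeout+0x34/0x40 [usb_f_ncm]
[  412.100007]  </IRQ>
[  412.100008]  _raw_spin_lock+0x3d/0x70
[  412.100009]  ? cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci]
[  412.100010]  cdnsp_thread_irq_handler.cold+0x32/0x112c [cdnsp_udc_pci]
[  412.100011]  irq_thread_fn+0x28/0x60
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg timestamp prefix
FRAME = re.compile(r"^([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def split_frames(log):
    """Return (irq, task): reliable frame symbols inside and outside <IRQ>."""
    irq, task, in_irq = [], [], False
    for raw in log.splitlines():
        line = STAMP.sub("", raw).strip()
        if line in ("<IRQ>", "</IRQ>"):
            in_irq = line == "<IRQ>"
            continue
        m = FRAME.match(line)  # "? sym" (unreliable) frames do not match
        if m:
            sym = m.group(1).split(".")[0]  # drop suffixes such as .cold
            (irq if in_irq else task).append(sym)
    return irq, task

def check_log(log):
    """Flag the lock pattern from the CVE-2021-47271 description."""
    irq, task = split_frames(log)
    # Softirq path queues a request and spins on the driver lock.
    irq_side = "cdnsp_gadget_ep_queue" in irq and "_raw_spin_lock_irqsave" in irq
    # Threaded handler entered the lock via plain spin_lock().
    thread_side = "cdnsp_thread_irq_handler" in task and "_raw_spin_lock" in task
    return {"irq_side_queue": irq_side, "thread_plain_lock": thread_side,
            "csd_stall": "non-responsive CSD lock" in log,
            "suspect": irq_side and thread_side}
```

The `csd_stall` flag is reported separately from `suspect` because that message is only printed by kernels built with CSD lock debugging, so its absence does not rule out the hang.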

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T13:27:52.127Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9835c4522896dcbea280

Added to database: 5/21/2025, 9:09:09 AM

Last enriched: 6/26/2025, 12:21:23 PM

Last updated: 8/13/2025, 9:13:55 AM
