CVE-2021-47290: Vulnerability in Linux Linux

Severity: High
Published: Tue May 21 2024 (05/21/2024, 14:35:15 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: Fix NULL dereference on XCOPY completion

CPU affinity control added with commit 39ae3edda325 ("scsi: target: core: Make completion affinity configurable") makes target_complete_cmd() queue work on a CPU based on se_tpg->se_tpg_wwn->cmd_compl_affinity state.

LIO's EXTENDED COPY worker is a special case in that read/write cmds are dispatched using the global xcopy_pt_tpg, which carries a NULL se_tpg_wwn pointer following initialization in target_xcopy_setup_pt().

The NULL xcopy_pt_tpg->se_tpg_wwn pointer is dereferenced on completion of any EXTENDED COPY initiated read/write cmds. E.g. using the libiscsi SCSI.ExtendedCopy.Simple test:

    BUG: kernel NULL pointer dereference, address: 00000000000001a8
    RIP: 0010:target_complete_cmd+0x9d/0x130 [target_core_mod]
    Call Trace:
     fd_execute_rw+0x148/0x42a [target_core_file]
     ? __dynamic_pr_debug+0xa7/0xe0
     ? target_check_reservation+0x5b/0x940 [target_core_mod]
     __target_execute_cmd+0x1e/0x90 [target_core_mod]
     transport_generic_new_cmd+0x17c/0x330 [target_core_mod]
     target_xcopy_issue_pt_cmd+0x9/0x60 [target_core_mod]
     target_xcopy_read_source.isra.7+0x10b/0x1b0 [target_core_mod]
     ? target_check_fua+0x40/0x40 [target_core_mod]
     ? transport_complete_task_attr+0x130/0x130 [target_core_mod]
     target_xcopy_do_work+0x61f/0xc00 [target_core_mod]

This fix makes target_complete_cmd() queue work on se_cmd->cpuid if se_tpg_wwn is NULL.

AI-Powered Analysis

Last updated: 06/26/2025, 11:21:13 UTC

Technical Analysis

CVE-2021-47290 is a vulnerability identified in the Linux kernel's SCSI target subsystem, specifically within the target_core_mod module that handles SCSI target operations. The flaw arises from a NULL pointer dereference triggered during the completion of EXTENDED COPY (XCOPY) commands. The vulnerability is rooted in the way CPU affinity control was implemented for command completion work queues. A commit (39ae3edda325) introduced configurable CPU affinity for target_complete_cmd(), which queues work on a CPU based on the se_tpg_wwn->cmd_compl_affinity state. However, the EXTENDED COPY worker uses a global xcopy_pt_tpg structure that has a NULL se_tpg_wwn pointer after initialization. When read/write commands initiated by EXTENDED COPY complete, the code dereferences this NULL pointer, leading to a kernel NULL pointer dereference and consequent crash (BUG). This can cause denial of service by crashing the kernel or destabilizing the system. The fix involves modifying target_complete_cmd() to queue work on se_cmd->cpuid if se_tpg_wwn is NULL, preventing the NULL pointer dereference. The vulnerability affects Linux kernel versions containing the specified commit and is relevant to systems using the Linux SCSI target framework, particularly those leveraging the EXTENDED COPY feature for storage operations. There are no known exploits in the wild as of the publication date, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, the impact of CVE-2021-47290 primarily revolves around availability and system stability. Systems running Linux kernels with the vulnerable SCSI target implementation, especially those acting as storage servers or SAN targets using EXTENDED COPY commands, may experience kernel crashes leading to denial of service. This can disrupt critical storage operations, affecting data availability and potentially causing downtime for services relying on these storage backends. Organizations in sectors with high reliance on Linux-based storage infrastructure—such as cloud providers, data centers, financial institutions, and telecommunications—may face operational interruptions. Although this vulnerability does not directly expose confidentiality or integrity risks, the resulting instability could indirectly impact business continuity and service-level agreements. The absence of known exploits reduces immediate risk, but the vulnerability's presence in kernel code used widely across servers and storage appliances means that targeted attacks or accidental triggering could have significant operational consequences.

Mitigation Recommendations

To mitigate CVE-2021-47290, European organizations should:

1) Apply the official Linux kernel patches that address this vulnerability as soon as they become available from trusted sources or distributions.
2) Identify and inventory systems using the Linux SCSI target framework, particularly those utilizing EXTENDED COPY functionality, to prioritize patching efforts.
3) If immediate patching is not feasible, consider disabling or restricting the use of EXTENDED COPY commands or the SCSI target functionality on affected systems to reduce exposure.
4) Implement monitoring for kernel crashes or unusual SCSI target subsystem logs that could indicate attempts to trigger this vulnerability.
5) Engage with hardware and storage appliance vendors to confirm whether their products incorporate vulnerable Linux kernel versions and request firmware or software updates.
6) Incorporate this vulnerability into incident response and vulnerability management workflows to ensure timely detection and remediation.

These steps go beyond generic advice by focusing on the specific subsystem and usage patterns related to the vulnerability.
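The monitoring step above can be made concrete by matching the crash signature quoted in the description: a NULL dereference whose RIP is target_complete_cmd in target_core_mod, with a target_xcopy_ frame in the call trace. This is an added example, not part of the original advisory or any vendor tooling; the function names and the sample log (including its timestamps and the second, unrelated report) are constructed for illustration.

```python
import re

# Constructed sample: the first report is modelled on the trace quoted in the
# CVE description (timestamps added); the second is an unrelated, made-up oops.
SAMPLE_LOG = """\
[  101.000001] BUG: kernel NULL pointer dereference, address: 00000000000001a8
[  101.000002] RIP: 0010:target_complete_cmd+0x9d/0x130 [target_core_mod]
[  101.000003] Call Trace:
[  101.000004]  fd_execute_rw+0x148/0x42a [target_core_file]
[  101.000005]  ? target_check_reservation+0x5b/0x940 [target_core_mod]
[  101.000006]  target_xcopy_issue_pt_cmd+0x9/0x60 [target_core_mod]
[  101.000007]  target_xcopy_read_source.isra.7+0x10b/0x1b0 [target_core_mod]
[  101.000008]  target_xcopy_do_work+0x61f/0xc00 [target_core_mod]
[  250.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  250.000002] RIP: 0010:example_other_func+0x12/0x40 [example_mod]
[  250.000003] Call Trace:
[  250.000004]  example_caller+0x20/0x80 [example_mod]
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
BUG_RE = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
SYM = r"([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?"
RIP_RE = re.compile(r"RIP: \w+:" + SYM)
FRAME_RE = re.compile(r"^\s*(\? )?" + SYM)


def parse_oopses(text):
    """Group log lines into reports; each report starts at a 'BUG:' line."""
    reports = []
    for raw in text.splitlines():
        line = TS_RE.sub("", raw)
        bug, rip, frame = BUG_RE.search(line), RIP_RE.search(line), FRAME_RE.match(line)
        if bug:
            reports.append({"address": bug.group(1), "rip": None, "frames": []})
        elif reports and rip and reports[-1]["rip"] is None:
            reports[-1]["rip"] = (rip.group(1), rip.group(2))
        elif reports and frame and not frame.group(1):
            # Skip '?' frames: the kernel marks those as unreliable.
            reports[-1]["frames"].append(frame.group(2))
    return reports


def find_xcopy_completion_oops(text):
    """Reports that fault in target_complete_cmd with an XCOPY worker caller."""
    return [r for r in parse_oopses(text)
            if r["rip"] == ("target_complete_cmd", "target_core_mod")
            and any(f.startswith("target_xcopy_") for f in r["frames"])]
```

Requiring both the faulting function and an XCOPY caller keeps the rule from firing on unrelated NULL dereferences, such as the second report in the sample.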

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T13:27:52.129Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9835c4522896dcbea310

Added to database: 5/21/2025, 9:09:09 AM

Last enriched: 6/26/2025, 11:21:13 AM

Last updated: 7/9/2025, 11:16:23 AM
