
CVE-2021-47370: Vulnerability in Linux Linux

Medium
Published: Tue May 21 2024 (05/21/2024, 15:03:35 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: ensure tx skbs always have the MPTCP ext

Due to signed/unsigned comparison, the expression:

    info->size_goal - skb->len > 0

evaluates to true when the size goal is smaller than the skb size. That results in lack of tx cache refill, so that the skb allocated by the core TCP code lacks the required MPTCP skb extensions.

Due to the above, syzbot is able to trigger the following WARN_ON():

    WARNING: CPU: 1 PID: 810 at net/mptcp/protocol.c:1366 mptcp_sendmsg_frag+0x1362/0x1bc0 net/mptcp/protocol.c:1366
    Modules linked in:
    CPU: 1 PID: 810 Comm: syz-executor.4 Not tainted 5.14.0-syzkaller #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    RIP: 0010:mptcp_sendmsg_frag+0x1362/0x1bc0 net/mptcp/protocol.c:1366
    Call Trace:
     __mptcp_push_pending+0x1fb/0x6b0 net/mptcp/protocol.c:1547
     mptcp_release_cb+0xfe/0x210 net/mptcp/protocol.c:3003
     release_sock+0xb4/0x1b0 net/core/sock.c:3206
     sk_stream_wait_memory+0x604/0xed0 net/core/stream.c:145
     mptcp_sendmsg+0xc39/0x1bc0 net/mptcp/protocol.c:1749
     inet6_sendmsg+0x99/0xe0 net/ipv6/af_inet6.c:643
     sock_sendmsg_nosec net/socket.c:704 [inline]
     sock_sendmsg+0xcf/0x120 net/socket.c:724
     sock_write_iter+0x2a0/0x3e0 net/socket.c:1057
     call_write_iter include/linux/fs.h:2163 [inline]
     new_sync_write+0x40b/0x640 fs/read_write.c:507
     vfs_write+0x7cf/0xae0 fs/read_write.c:594
     ksys_write+0x1ee/0x250 fs/read_write.c:647
     do_syscall_x64 arch/x86/entry/common.c:50 [inline]
     do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
     entry_SYSCALL_64_after_hwframe+0x44/0xae

Fix the issue rewriting the relevant expression to avoid sign-related problems - note: size_goal is always >= 0.

Additionally, ensure that the skb in the tx cache always carries the relevant extension.

AI-Powered Analysis

Last updated: 06/30/2025, 12:10:23 UTC

Technical Analysis

CVE-2021-47370 is a vulnerability identified in the Linux kernel's implementation of Multipath TCP (MPTCP), a protocol extension that enables the simultaneous use of multiple TCP paths between two endpoints to increase redundancy and throughput. The vulnerability arises from a signed/unsigned integer comparison error in the kernel code, specifically in the expression 'info->size_goal - skb->len > 0'. Due to this comparison, when the size goal is smaller than the size of the socket buffer (skb), the condition incorrectly evaluates to true. This leads to a failure to refill the transmission (tx) cache properly, resulting in the skb allocated by the core TCP code lacking the necessary MPTCP skb extensions. The absence of these extensions can cause the kernel to trigger a WARN_ON() warning, indicating a critical internal inconsistency, and potentially leading to kernel instability or crashes. The issue was detected by syzbot, an automated kernel fuzzer, which triggered the warning during fuzz testing. The root cause is a sign-related bug, and the fix involves rewriting the expression to avoid signed/unsigned comparison issues and ensuring that the skb in the tx cache always carries the relevant MPTCP extension. This vulnerability affects specific Linux kernel versions identified by commit hashes and is relevant to systems utilizing MPTCP functionality. While no known exploits are currently reported in the wild, the vulnerability could lead to denial of service (DoS) conditions due to kernel warnings or crashes when exploited.
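
The comparison described above, reduced to a stand-alone C program (an added example, not kernel code and not the upstream patch). The two structs are constructed stand-ins that keep only the size_goal and len field names from the description, with size_goal assumed to be a signed int and len an unsigned int; has_room_fixed is one hypothetical sign-safe rewrite.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins: only the field names come from the page.
 * Assumption: size_goal is a signed int, len an unsigned int. */
struct send_info { int size_goal; };
struct tx_skb { unsigned int len; };

/* What the subtraction really yields: size_goal is converted to
 * unsigned, so a "negative" difference wraps to a huge value. */
unsigned int raw_room(const struct send_info *info, const struct tx_skb *skb)
{
    return info->size_goal - skb->len;
}

/* Pre-fix form of the check, as quoted in the description. */
bool has_room_buggy(const struct send_info *info, const struct tx_skb *skb)
{
    return info->size_goal - skb->len > 0;
}

/* One sign-safe rewrite (hypothetical): compare instead of subtracting,
 * relying on the stated invariant size_goal >= 0. */
bool has_room_fixed(const struct send_info *info, const struct tx_skb *skb)
{
    return info->size_goal >= 0 && (unsigned int)info->size_goal > skb->len;
}

int main(void)
{
    /* Constructed cases: skb below, equal to, and above the size goal. */
    const unsigned int lens[] = { 500, 1000, 1500 };
    const struct send_info info = { .size_goal = 1000 };

    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
        struct tx_skb skb = { .len = lens[i] };
        printf("goal=%d len=%u raw=%u buggy=%d fixed=%d\n",
               info.size_goal, skb.len, raw_room(&info, &skb),
               has_room_buggy(&info, &skb), has_room_fixed(&info, &skb));
    }
    return 0;
}
```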

Potential Impact

For European organizations, the impact of CVE-2021-47370 primarily concerns systems running Linux kernels with MPTCP enabled or in use. MPTCP is often employed in environments requiring high availability and network redundancy, such as data centers, cloud infrastructure, telecom providers, and enterprises with complex networking needs. Exploitation of this vulnerability could lead to kernel warnings or crashes, causing service interruptions or denial of service on affected hosts. This is particularly critical for infrastructure providers and enterprises relying on Linux-based servers for critical applications, including financial services, healthcare, and government operations. Although the vulnerability does not directly lead to privilege escalation or remote code execution, the resulting instability could be leveraged to disrupt services or degrade network performance. The absence of known exploits reduces immediate risk, but the potential for DoS impacts necessitates prompt attention. Additionally, organizations using Linux-based cloud services or virtualized environments in Europe should assess their exposure, as underlying host kernels may be affected. The vulnerability's impact on confidentiality and integrity is low; however, availability impact is medium to high depending on the deployment context and reliance on MPTCP.

Mitigation Recommendations

To mitigate CVE-2021-47370, European organizations should:

1) Identify and inventory Linux systems running kernels with MPTCP support enabled, especially those in critical network infrastructure roles.
2) Apply the official Linux kernel patches that address this vulnerability as soon as they become available, or upgrade to a fixed kernel version. Since no patch links were provided, organizations should monitor trusted Linux kernel repositories and vendor advisories for updates.
3) If immediate patching is not feasible, consider disabling MPTCP functionality temporarily to prevent triggering the vulnerability, understanding that this may reduce network redundancy.
4) Implement robust kernel crash and warning monitoring to detect any signs of exploitation or instability related to this issue.
5) For cloud and virtualized environments, coordinate with service providers to ensure underlying host kernels are patched.
6) Conduct thorough testing in staging environments before deploying patches to production to avoid unintended disruptions.
7) Maintain up-to-date backups and incident response plans to quickly recover from potential service interruptions caused by this vulnerability.

These steps go beyond generic advice by focusing on MPTCP-specific configurations and proactive monitoring tailored to this vulnerability's nature.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T14:58:30.810Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9833c4522896dcbe8f51

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 12:10:23 PM

Last updated: 7/21/2025, 6:16:09 AM
