
CVE-2021-47468: Vulnerability in Linux Linux

Medium
Published: Wed May 22 2024 (05/22/2024, 06:23:26 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

isdn: mISDN: Fix sleeping function called from invalid context

The driver can call card->isac.release() function from an atomic context. Fix this by calling this function after releasing the lock.

The following log reveals it:

[ 44.168226 ] BUG: sleeping function called from invalid context at kernel/workqueue.c:3018
[ 44.168941 ] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, name: modprobe
[ 44.169574 ] INFO: lockdep is turned off.
[ 44.169899 ] irq event stamp: 0
[ 44.170160 ] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[ 44.170627 ] hardirqs last disabled at (0): [<ffffffff814209ed>] copy_process+0x132d/0x3e00
[ 44.171240 ] softirqs last enabled at (0): [<ffffffff81420a1a>] copy_process+0x135a/0x3e00
[ 44.171852 ] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 44.172318 ] Preemption disabled at:
[ 44.172320 ] [<ffffffffa009b0a9>] nj_release+0x69/0x500 [netjet]
[ 44.174441 ] Call Trace:
[ 44.174630 ] dump_stack_lvl+0xa8/0xd1
[ 44.174912 ] dump_stack+0x15/0x17
[ 44.175166 ] ___might_sleep+0x3a2/0x510
[ 44.175459 ] ? nj_release+0x69/0x500 [netjet]
[ 44.175791 ] __might_sleep+0x82/0xe0
[ 44.176063 ] ? start_flush_work+0x20/0x7b0
[ 44.176375 ] start_flush_work+0x33/0x7b0
[ 44.176672 ] ? trace_irq_enable_rcuidle+0x85/0x170
[ 44.177034 ] ? kasan_quarantine_put+0xaa/0x1f0
[ 44.177372 ] ? kasan_quarantine_put+0xaa/0x1f0
[ 44.177711 ] __flush_work+0x11a/0x1a0
[ 44.177991 ] ? flush_work+0x20/0x20
[ 44.178257 ] ? lock_release+0x13c/0x8f0
[ 44.178550 ] ? __kasan_check_write+0x14/0x20
[ 44.178872 ] ? do_raw_spin_lock+0x148/0x360
[ 44.179187 ] ? read_lock_is_recursive+0x20/0x20
[ 44.179530 ] ? __kasan_check_read+0x11/0x20
[ 44.179846 ] ? do_raw_spin_unlock+0x55/0x900
[ 44.180168 ] ? ____kasan_slab_free+0x116/0x140
[ 44.180505 ] ? _raw_spin_unlock_irqrestore+0x41/0x60
[ 44.180878 ] ? skb_queue_purge+0x1a3/0x1c0
[ 44.181189 ] ? kfree+0x13e/0x290
[ 44.181438 ] flush_work+0x17/0x20
[ 44.181695 ] mISDN_freedchannel+0xe8/0x100
[ 44.182006 ] isac_release+0x210/0x260 [mISDNipac]
[ 44.182366 ] nj_release+0xf6/0x500 [netjet]
[ 44.182685 ] nj_remove+0x48/0x70 [netjet]
[ 44.182989 ] pci_device_remove+0xa9/0x250

AI-Powered Analysis

Last updated: 06/30/2025, 13:27:06 UTC

Technical Analysis

CVE-2021-47468 is a vulnerability identified in the Linux kernel, specifically related to the ISDN subsystem's mISDN driver. The issue arises from the improper invocation of a sleeping function, card->isac.release(), from an atomic context. In kernel programming, atomic contexts are critical sections where sleeping or blocking operations are forbidden because they can cause deadlocks or system instability. The vulnerability manifests when the driver calls this release function while holding a lock and within an atomic context, which violates kernel execution rules.

The provided kernel logs indicate a BUG triggered by a sleeping function call from an invalid context, with detailed stack traces pointing to the mISDN driver and related functions such as nj_release and isac_release. The root cause is that the release function is called before releasing the lock, causing the kernel to attempt to sleep while it should not. The fix involves deferring the call to card->isac.release() until after the lock is released, ensuring that the function is not called in an atomic context.

This vulnerability could lead to kernel instability, including system crashes (kernel panics), denial of service, or unpredictable behavior of the affected systems. Since the issue is within the kernel's ISDN driver, it affects Linux systems using this driver, which may be embedded systems, specialized telecommunications equipment, or servers with ISDN hardware. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and requires kernel-level understanding to exploit or mitigate.

Potential Impact

For European organizations, the impact of CVE-2021-47468 depends on their use of Linux systems with ISDN hardware or the mISDN driver. ISDN technology, while less common than modern IP-based communications, is still in use in certain telecommunications infrastructures, industrial control systems, and legacy environments. Organizations in sectors such as telecommunications, manufacturing, utilities, and government agencies that rely on Linux-based systems with ISDN components could experience system crashes or denial of service due to this vulnerability. This could disrupt critical services, lead to downtime, and potentially affect data integrity if systems become unstable. The vulnerability does not directly lead to privilege escalation or remote code execution but can cause kernel panics, which impact availability. Given the kernel-level nature, exploitation requires local access or the ability to trigger the vulnerable driver code, limiting remote exploitation risks but increasing concerns for insider threats or compromised systems. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the bug, impacting operational continuity.

Mitigation Recommendations

Mitigation should focus on applying the official Linux kernel patches that fix the issue by deferring the call to the release function until after releasing the lock. Organizations should:

1) Identify all Linux systems running kernels with the affected mISDN driver, especially those with ISDN hardware or related telecommunications equipment.
2) Update to the latest stable Linux kernel versions that include the fix for CVE-2021-47468.
3) For systems where kernel updates are not immediately feasible, consider disabling the mISDN driver or ISDN hardware if not in use, to reduce attack surface.
4) Monitor system logs for kernel BUG messages or crashes related to sleeping functions called from atomic contexts, which may indicate attempts to trigger the vulnerability.
5) Implement strict access controls and monitoring on systems with ISDN hardware to prevent unauthorized local access that could exploit this vulnerability.
6) Coordinate with hardware vendors and Linux distribution maintainers to ensure timely patch deployment and validation.

These steps go beyond generic advice by focusing on the specific driver and context of the vulnerability, emphasizing detection and controlled mitigation in operational environments.
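One way to implement the log monitoring in step 4, as an added example that is not part of the original advisory: a parser that finds "sleeping function called from invalid context" reports in kernel log text and flags those whose call trace passes through the modules named in the log in the Description. The function name, the `WATCH` set and the one-second grouping window `MAX_GAP` are assumptions of this example.

```python
import re

# Abridged from the log in the Description; the last line is constructed to
# show that later, unrelated output is not folded into the report.
SAMPLE_LOG = """\
[ 44.168226 ] BUG: sleeping function called from invalid context at kernel/workqueue.c:3018
[ 44.168941 ] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, name: modprobe
[ 44.170627 ] hardirqs last disabled at (0): [<ffffffff814209ed>] copy_process+0x132d/0x3e00
[ 44.174441 ] Call Trace:
[ 44.176063 ] ? start_flush_work+0x20/0x7b0
[ 44.181438 ] flush_work+0x17/0x20
[ 44.181695 ] mISDN_freedchannel+0xe8/0x100
[ 44.182006 ] isac_release+0x210/0x260 [mISDNipac]
[ 44.182366 ] nj_release+0xf6/0x500 [netjet]
[ 44.182685 ] nj_remove+0x48/0x70 [netjet]
[ 60.000000 ] later_frame+0x1/0x2 [othermod]
"""

TS = re.compile(r"\[\s*(\d+\.\d+)\s*\]\s*(.*)$")  # accepts "[   44.1]" and "[ 44.1 ]"
BUG = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
CTX = re.compile(r"in_atomic\(\): (\d+), irqs_disabled\(\): (\d+).*pid: (\d+), name: (\S+)")
FRAME = re.compile(r"(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")
WATCH = {"netjet", "mISDNipac"}  # modules named in the page's trace
MAX_GAP = 1.0  # assumed: seconds after the BUG line that still belong to it


def find_atomic_sleep_bugs(text):
    """Return one dict per 'sleeping function called from invalid context' report."""
    reports, cur = [], None
    for line in text.splitlines():
        m = TS.search(line)
        if not m:
            continue
        ts, body = float(m.group(1)), m.group(2).strip()
        if b := BUG.search(body):
            cur = {"ts": ts, "site": b.group(1), "frames": [], "modules": set()}
            reports.append(cur)
        elif cur and ts - cur["ts"] > MAX_GAP:
            cur = None  # too late to be part of this report
        elif cur and (c := CTX.search(body)):
            cur.update(in_atomic=int(c.group(1)), irqs_disabled=int(c.group(2)),
                       pid=int(c.group(3)), comm=c.group(4))
        elif cur and (f := FRAME.match(body)) and not f.group(1):
            cur["frames"].append(f.group(2))  # '?' frames are unreliable, skipped
            if f.group(3):
                cur["modules"].add(f.group(3))
    for r in reports:
        r["misdn"] = bool(r["modules"] & WATCH)
    return reports
```

Feed it the text of `dmesg` or the kernel journal; a report with `misdn` set on a host that should already carry the fix is a sign the running kernel is not the patched one.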


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-22T06:20:56.199Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9833c4522896dcbe9218

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 1:27:06 PM

Last updated: 8/1/2025, 7:01:12 PM
