CVE-2021-47481: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR

Normally the zero fill would hide the missing initialization, but an errant set to desc_size in reg_create() causes a crash:

  BUG: unable to handle page fault for address: 0000000800000000
  PGD 0 P4D 0
  Oops: 0000 [#1] SMP PTI
  CPU: 5 PID: 890 Comm: ib_write_bw Not tainted 5.15.0-rc4+ #47
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
  RIP: 0010:mlx5_ib_dereg_mr+0x14/0x3b0 [mlx5_ib]
  Code: 48 63 cd 4c 89 f7 48 89 0c 24 e8 37 30 03 e1 48 8b 0c 24 eb a0 90 0f 1f 44 00 00 41 56 41 55 41 54 55 53 48 89 fb 48 83 ec 30 <48> 8b 2f 65 48 8b 04 25 28 00 00 00 48 89 44 24 28 31 c0 8b 87 c8
  RSP: 0018:ffff88811afa3a60 EFLAGS: 00010286
  RAX: 000000000000001c RBX: 0000000800000000 RCX: 0000000000000000
  RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000800000000
  RBP: 0000000800000000 R08: 0000000000000000 R09: c0000000fffff7ff
  R10: ffff88811afa38f8 R11: ffff88811afa38f0 R12: ffffffffa02c7ac0
  R13: 0000000000000000 R14: ffff88811afa3cd8 R15: ffff88810772fa00
  FS: 00007f47b9080740(0000) GS:ffff88852cd40000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000800000000 CR3: 000000010761e003 CR4: 0000000000370ea0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  Call Trace:
   mlx5_ib_free_odp_mr+0x95/0xc0 [mlx5_ib]
   mlx5_ib_dereg_mr+0x128/0x3b0 [mlx5_ib]
   ib_dereg_mr_user+0x45/0xb0 [ib_core]
   ? xas_load+0x8/0x80
   destroy_hw_idr_uobject+0x1a/0x50 [ib_uverbs]
   uverbs_destroy_uobject+0x2f/0x150 [ib_uverbs]
   uobj_destroy+0x3c/0x70 [ib_uverbs]
   ib_uverbs_cmd_verbs+0x467/0xb00 [ib_uverbs]
   ? uverbs_finalize_object+0x60/0x60 [ib_uverbs]
   ? ttwu_queue_wakelist+0xa9/0xe0
   ? pty_write+0x85/0x90
   ? file_tty_write.isra.33+0x214/0x330
   ? process_echoes+0x60/0x60
   ib_uverbs_ioctl+0xa7/0x110 [ib_uverbs]
   __x64_sys_ioctl+0x10d/0x8e0
   ? vfs_write+0x17f/0x260
   do_syscall_64+0x3c/0x80
   entry_SYSCALL_64_after_hwframe+0x44/0xae

Add the missing xarray initialization and remove the desc_size set.
AI Analysis
Technical Summary
CVE-2021-47481 is a vulnerability identified in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically within the mlx5 driver which supports Mellanox ConnectX-5 network adapters. The issue arises from improper initialization of the On-Demand Paging (ODP) xarray when creating an ODP Memory Region (MR). Normally, zero-filling memory would mask this missing initialization, but an erroneous assignment to the desc_size variable in the reg_create() function leads to a kernel crash due to an unhandled page fault. This fault occurs when the mlx5_ib_dereg_mr() function attempts to deregister a memory region, triggering a BUG and kernel oops, which results in a denial of service (system crash or hang). The vulnerability is rooted in a logic error in the mlx5_ib driver code, where the ODP xarray is not properly initialized before use, causing invalid memory access. The provided stack trace shows the crash occurs in kernel space during RDMA operations, specifically when user-space applications interact with the ib_uverbs interface to deregister memory regions. This vulnerability affects Linux kernel versions containing the specified commits prior to the fix, and it is relevant for systems using Mellanox hardware with RDMA capabilities. No known exploits are reported in the wild as of the publication date, and no CVSS score has been assigned. The fix involves adding the missing xarray initialization and removing the incorrect desc_size assignment to prevent the crash.
Potential Impact
For European organizations, the impact of CVE-2021-47481 primarily concerns systems that utilize RDMA technology, especially those deploying Mellanox ConnectX-5 network adapters in high-performance computing (HPC), data centers, or cloud infrastructure. The vulnerability can cause kernel crashes leading to denial of service, which disrupts critical applications relying on low-latency, high-throughput networking. This can affect financial institutions, research centers, telecommunications providers, and cloud service operators that depend on stable RDMA-enabled Linux servers. While the vulnerability does not appear to allow privilege escalation or remote code execution, the resulting system instability can cause operational downtime, data processing delays, and potential loss of availability for services. Given the specialized nature of RDMA hardware, the scope is limited to environments using this technology, but the impact on availability in these contexts can be significant. Additionally, the lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental crashes or potential future exploit development.
Mitigation Recommendations
European organizations should take the following specific steps to mitigate CVE-2021-47481:
1) Identify Linux systems running kernels with the affected mlx5_ib driver versions, especially those using Mellanox ConnectX-5 or similar RDMA hardware.
2) Apply the official Linux kernel patches that initialize the ODP xarray correctly and remove the erroneous desc_size assignment as soon as they become available from trusted Linux distributions or kernel maintainers.
3) For environments where immediate patching is not feasible, consider disabling RDMA functionality or the mlx5_ib driver temporarily to prevent triggering the vulnerability, understanding this may impact performance.
4) Monitor kernel logs and system stability closely for signs of crashes related to ib_write_bw or ib_uverbs ioctl calls, which may indicate attempts to trigger the bug.
5) Incorporate this vulnerability into vulnerability management and incident response processes to ensure timely detection and remediation.
6) Engage with hardware vendors and Linux distribution providers for guidance and updates on patches and mitigations specific to their platforms.
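For the kernel-log monitoring in step 4, the following Python is an added example, not part of the original advisory or of the kernel project. It groups log lines into fault reports and flags those that match the oops in the description: a page fault with RIP in mlx5_ib_dereg_mr, reached through mlx5_ib_free_odp_mr. The choice of signature, the function names and the sample timestamps are assumptions made here.

```python
import re

# Strip syslog ("Oct 12 10:01:02 host kernel: ") and dmesg ("[  212.104411] ") prefixes.
PREFIX = re.compile(r"^(?:\w{3}\s+\d+\s[\d:]+\s\S+\skernel:\s)?(?:\[\s*\d+\.\d+\]\s)?")
# A symbolised address such as "mlx5_ib_dereg_mr+0x14/0x3b0 [mlx5_ib]"; "?" marks a guessed frame.
FRAME = re.compile(r"^\??\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s\[(\w+)\])?")

def split_reports(lines):
    """Group kernel log lines into fault reports, each opened by a 'BUG:' line."""
    reports, cur = [], None
    for raw in lines:
        line = PREFIX.sub("", raw).strip()
        if line.startswith("BUG:"):
            cur = {"bug": line, "comm": None, "rip": None, "frames": []}
            reports.append(cur)
        elif cur is None:
            continue
        elif line.startswith("CPU:") and "Comm:" in line:
            cur["comm"] = line.split("Comm:")[1].split()[0]
        elif line.startswith("RIP:") and cur["rip"] is None:
            m = FRAME.match(line.split(":", 2)[-1])
            cur["rip"] = m.groups() if m else None
        elif (m := FRAME.match(line)):
            cur["frames"].append((m.group(1), m.group(2), line.startswith("?")))
    return reports

def matches_odp_dereg_crash(report):
    """True for a page fault at mlx5_ib_dereg_mr reached via mlx5_ib_free_odp_mr."""
    reliable = {(fn, mod) for fn, mod, guessed in report["frames"] if not guessed}
    return (report["bug"].startswith("BUG: unable to handle page fault")
            and report["rip"] == ("mlx5_ib_dereg_mr", "mlx5_ib")
            and ("mlx5_ib_free_odp_mr", "mlx5_ib") in reliable)

# Constructed sample: the first report reuses lines from the oops in the description
# with made-up timestamps; the second (example_drv) is a hypothetical unrelated fault.
SAMPLE = """\
[  212.104411] BUG: unable to handle page fault for address: 0000000800000000
[  212.104590] CPU: 5 PID: 890 Comm: ib_write_bw Not tainted 5.15.0-rc4+ #47
[  212.104733] RIP: 0010:mlx5_ib_dereg_mr+0x14/0x3b0 [mlx5_ib]
[  212.105188]  mlx5_ib_free_odp_mr+0x95/0xc0 [mlx5_ib]
[  212.105331]  ? xas_load+0x8/0x80
[  212.105402]  ib_uverbs_ioctl+0xa7/0x110 [ib_uverbs]
[  980.000100] BUG: unable to handle page fault for address: 0000000000000010
[  980.000230] RIP: 0010:example_drv_release+0x10/0x40 [example_drv]
""".splitlines()

def scan(lines):
    """Return (process name, BUG line) for every report matching the signature."""
    return [(r["comm"], r["bug"]) for r in split_reports(lines) if matches_odp_dereg_crash(r)]
```

Pass `scan()` the lines of `dmesg` or `journalctl -k` output; on `SAMPLE` it returns a single match for the `ib_write_bw` report and ignores the unrelated fault.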
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-22T06:20:56.200Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9822c4522896dcbde112
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 5:24:29 AM
Last updated: 8/3/2025, 7:01:15 PM