CVE-2021-47536: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net/smc: fix wrong list_del in smc_lgr_cleanup_early

smc_lgr_cleanup_early() meant to delete the link group from the link group list, but it deleted the list head by mistake.

This may cause memory corruption since we didn't remove the real link group from the list and later memseted the link group structure. We got a list corruption panic when testing:

[ 231.277259] list_del corruption. prev->next should be ffff8881398a8000, but was 0000000000000000
[ 231.278222] ------------[ cut here ]------------
[ 231.278726] kernel BUG at lib/list_debug.c:53!
[ 231.279326] invalid opcode: 0000 [#1] SMP NOPTI
[ 231.279803] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.10.46+ #435
[ 231.280466] Hardware name: Alibaba Cloud ECS, BIOS 8c24b4c 04/01/2014
[ 231.281248] Workqueue: events smc_link_down_work
[ 231.281732] RIP: 0010:__list_del_entry_valid+0x70/0x90
[ 231.282258] Code: 4c 60 82 e8 7d cc 6a 00 0f 0b 48 89 fe 48 c7 c7 88 4c 60 82 e8 6c cc 6a 00 0f 0b 48 89 fe 48 c7 c7 c0 4c 60 82 e8 5b cc 6a 00 <0f> 0b 48 89 fe 48 c7 c7 00 4d 60 82 e8 4a cc 6a 00 0f 0b cc cc cc
[ 231.284146] RSP: 0018:ffffc90000033d58 EFLAGS: 00010292
[ 231.284685] RAX: 0000000000000054 RBX: ffff8881398a8000 RCX: 0000000000000000
[ 231.285415] RDX: 0000000000000001 RSI: ffff88813bc18040 RDI: ffff88813bc18040
[ 231.286141] RBP: ffffffff8305ad40 R08: 0000000000000003 R09: 0000000000000001
[ 231.286873] R10: ffffffff82803da0 R11: ffffc90000033b90 R12: 0000000000000001
[ 231.287606] R13: 0000000000000000 R14: ffff8881398a8000 R15: 0000000000000003
[ 231.288337] FS: 0000000000000000(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
[ 231.289160] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 231.289754] CR2: 0000000000e72058 CR3: 000000010fa96006 CR4: 00000000003706f0
[ 231.290485] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 231.291211] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 231.291940] Call Trace:
[ 231.292211] smc_lgr_terminate_sched+0x53/0xa0
[ 231.292677] smc_switch_conns+0x75/0x6b0
[ 231.293085] ? update_load_avg+0x1a6/0x590
[ 231.293517] ? ttwu_do_wakeup+0x17/0x150
[ 231.293907] ? update_load_avg+0x1a6/0x590
[ 231.294317] ? newidle_balance+0xca/0x3d0
[ 231.294716] smcr_link_down+0x50/0x1a0
[ 231.295090] ? __wake_up_common_lock+0x77/0x90
[ 231.295534] smc_link_down_work+0x46/0x60
[ 231.295933] process_one_work+0x18b/0x350
AI Analysis
Technical Summary
CVE-2021-47536 is a vulnerability in the Linux kernel specifically affecting the SMC (Shared Memory Communications) subsystem. The flaw arises from an incorrect use of the list_del function within the smc_lgr_cleanup_early() routine. This function is intended to remove a link group from a linked list that manages these groups. However, due to a coding error, the function mistakenly deletes the list head instead of the actual link group entry. Consequently, the real link group remains in the list but is later overwritten (memset), leading to memory corruption. This corruption manifests as list corruption panics and kernel BUGs, causing system instability and crashes. The provided kernel logs demonstrate a typical crash scenario with invalid list pointers and a kernel panic triggered in list_debug.c, indicating severe list integrity violations. The vulnerability affects Linux kernel versions around 5.10.46+, as indicated by the kernel version in the logs. Although no known exploits are reported in the wild, the flaw can cause denial of service (DoS) through kernel panics and potential memory corruption, which might be leveraged for privilege escalation or arbitrary code execution in certain scenarios. The vulnerability requires kernel-level code execution or triggering conditions within the SMC subsystem, which is used primarily in high-performance computing and specialized network environments. This issue was publicly disclosed and patched in May 2024, but no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2021-47536 primarily involves system stability and availability risks. Organizations running Linux servers, especially those utilizing the SMC subsystem for high-speed networking or specialized communication tasks, may experience unexpected kernel panics leading to service outages. This can disrupt critical infrastructure, cloud services, and enterprise applications relying on Linux-based systems. Memory corruption could potentially be exploited to escalate privileges or execute arbitrary code, although no such exploits are currently known. The vulnerability poses a higher risk to data centers, cloud providers, and research institutions in Europe that deploy Linux kernels with SMC enabled. The downtime and recovery efforts could lead to operational disruptions and financial losses. Furthermore, given the widespread use of Linux in European government, finance, and telecommunications sectors, unpatched systems could be targeted for denial-of-service attacks or leveraged as footholds in broader attack campaigns.
Mitigation Recommendations
1. Immediate patching: Apply the latest Linux kernel updates that address CVE-2021-47536 as soon as they become available. Monitor vendor advisories for backported patches in enterprise distributions.
2. Disable SMC if not required: Since the vulnerability is in the SMC subsystem, disabling SMC support in the kernel configuration or via runtime parameters can mitigate exposure.
3. Kernel hardening: Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR), Kernel Page Table Isolation (KPTI), and use of security modules like SELinux or AppArmor to reduce exploitation risk.
4. Monitoring and alerting: Implement monitoring for kernel panics and unusual system crashes to detect potential exploitation attempts early.
5. Controlled environment testing: Before deploying patches, test updates in staging environments to ensure stability and compatibility, especially in critical production systems.
6. Incident response readiness: Prepare response plans for potential denial-of-service incidents caused by this vulnerability, including backup and recovery procedures.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-24T15:02:54.827Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe93e9
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 2:26:18 PM
Last updated: 8/18/2025, 11:22:32 PM