
CVE-2021-47587: Vulnerability in Linux Linux

Medium
Published: Wed Jun 19 2024 (06/19/2024, 14:53:52 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: systemport: Add global locking for descriptor lifecycle

The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue between the transmit and reclaiming. This creates an opportunity for the SYSTEMPORT hardware to work on corrupted descriptors if we have multiple producers at once which is the case when using multiple transmit queues.

This was particularly noticeable when using multiple flows/transmit queues and it showed up in interesting ways in that UDP packets would get a correct UDP header checksum being calculated over an incorrect packet length. Similarly TCP packets would get an equally correct checksum computed by the hardware over an incorrect packet length.

The SYSTEMPORT hardware maintains an internal descriptor list that it re-arranges when the driver produces a new descriptor anytime it writes to the WRITE_PORT_{HI,LO} registers, there is however some delay in the hardware to re-organize its descriptors and it is possible that concurrent TX queues eventually break this internal allocation scheme to the point where the length/status part of the descriptor gets used for an incorrect data buffer.

The fix is to impose a global serialization for all TX queues in the short section where we are writing to the WRITE_PORT_{HI,LO} registers which solves the corruption even with multiple concurrent TX queues being used.

AI-Powered Analysis

Last updated: 06/30/2025, 14:58:02 UTC

Technical Analysis

CVE-2021-47587 is a vulnerability identified in the Linux kernel's network subsystem, specifically related to the SYSTEMPORT hardware interface and its handling of transmit (TX) queues. The root cause lies in the lack of a global locking mechanism for the lifecycle of descriptors shared across multiple transmit queues. Currently, the locking only protects concurrency within individual transmit queues, but when multiple transmit queues operate concurrently, the SYSTEMPORT hardware may process corrupted descriptors. This leads to inconsistencies such as UDP and TCP packets having correct checksum calculations over incorrect packet lengths, indicating data corruption at the descriptor level. The SYSTEMPORT hardware maintains an internal descriptor list that it rearranges when the driver writes to the WRITE_PORT_HI and WRITE_PORT_LO registers. Due to hardware reorganization delays, concurrent writes from multiple TX queues can break the internal allocation scheme, causing the length and status fields of descriptors to reference incorrect data buffers. The vulnerability can result in corrupted network packets being transmitted, potentially causing network communication errors or data integrity issues. The fix implemented involves introducing a global serialization lock across all TX queues during the critical section where the WRITE_PORT_HI and WRITE_PORT_LO registers are written. This serialization prevents concurrent access and thus eliminates descriptor corruption even when multiple TX queues are active simultaneously. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability affects Linux kernel versions identified by the provided commit hash, indicating it is relevant to specific kernel builds incorporating SYSTEMPORT hardware support.
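The locking difference described above can be reproduced with a small deterministic model. This is an added example, not code from the kernel driver or from this page; the latch behaviour of the port, the HI-then-LO ordering, and all names (`simulate`, `struct port`, `struct txq`) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define NQUEUES 4
#define NPKTS   100
/* Assumed toy model: the port latches the length/status word written to
 * WRITE_PORT_HI and pairs it with the next WRITE_PORT_LO (buffer) write. */
struct port { uint32_t hi_latch; unsigned corrupted; };
struct txq  { int step; unsigned sent; int *lock; };

/* Round-robin the producers, one register write per turn.
 * global_lock = 0: per-queue locks only; 1: one lock shared by all queues. */
unsigned simulate(int global_lock)
{
    struct port port = {0, 0};
    struct txq q[NQUEUES];
    int locks[NQUEUES] = {0};
    unsigned done = 0;
    for (int i = 0; i < NQUEUES; i++)
        q[i] = (struct txq){0, 0, global_lock ? &locks[0] : &locks[i]};
    while (done < NQUEUES) {
        for (int i = 0; i < NQUEUES; i++) {
            struct txq *t = &q[i];
            uint32_t tag = ((uint32_t)i << 16) | t->sent; /* queue + packet */
            if (t->sent == NPKTS || (t->step == 0 && *t->lock))
                continue;              /* finished, or lock held by a peer */
            if (t->step == 0) {        /* WRITE_PORT_HI: length/status */
                *t->lock = 1;
                port.hi_latch = tag;
                t->step = 1;
            } else {                   /* WRITE_PORT_LO: buffer address */
                if (port.hi_latch != tag)
                    port.corrupted++;  /* length/status of another buffer */
                *t->lock = 0;
                t->step = 0;
                if (++t->sent == NPKTS)
                    done++;
            }
        }
    }
    return port.corrupted;
}

int main(void)
{
    printf("per-queue locks: %u corrupted descriptors\n", simulate(0));
    printf("global lock:     %u corrupted descriptors\n", simulate(1));
    return 0;
}
```

With per-queue locks every queue's own lock is always free, so the HI writes of all four queues interleave before any LO write; with the shared lock each HI/LO pair completes before another queue may start.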

Potential Impact

For European organizations, this vulnerability poses risks primarily to network reliability and data integrity in environments using Linux systems with SYSTEMPORT hardware and multiple transmit queues enabled. Corrupted packet descriptors can lead to malformed network packets, which may cause application-level errors, degraded network performance, or intermittent communication failures. In critical infrastructure sectors such as telecommunications, finance, and government services where Linux-based network appliances or servers are common, this could disrupt operations or degrade service quality. Although the vulnerability does not directly enable remote code execution or privilege escalation, the resulting network anomalies could be exploited as part of a broader attack chain or cause denial of service conditions. Additionally, organizations relying on high-throughput or multi-queue network configurations may be more exposed. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or operational issues. Given the widespread use of Linux in European data centers, cloud providers, and enterprise environments, the impact could be significant if not addressed promptly.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to versions that include the patch introducing global serialization for TX queue descriptor writes. Specifically, kernel maintainers and system administrators should track and apply the patch referenced by the commit hash 80105befdb4b8cea924711b40b2462b87df65b62 or later stable releases containing this fix. Network administrators should audit systems using SYSTEMPORT hardware and multiple transmit queues to identify vulnerable hosts. Temporary mitigation could include disabling multiple transmit queues if feasible, reducing concurrency to avoid triggering the descriptor corruption, though this may impact network performance. Monitoring network traffic for anomalies such as checksum mismatches or malformed packets can help detect exploitation or manifestation of the issue. Coordination with hardware vendors to confirm compatibility with patched kernel versions is advised. Finally, incorporating this vulnerability into vulnerability management and patching cycles ensures timely remediation.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-24T15:11:00.732Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9833c4522896dcbe9534

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 2:58:02 PM

Last updated: 7/25/2025, 10:35:12 PM
