CVE-2021-47590: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix deadlock in __mptcp_push_pending()

__mptcp_push_pending() may call mptcp_flush_join_list() with subflow socket lock held. If such call hits mptcp_sockopt_sync_all() then subsequently __mptcp_sockopt_sync() could try to lock the subflow socket for itself, causing a deadlock.

sysrq: Show Blocked State
task:ss-server state:D stack: 0 pid: 938 ppid: 1 flags:0x00000000
Call Trace:
 <TASK>
 __schedule+0x2d6/0x10c0
 ? __mod_memcg_state+0x4d/0x70
 ? csum_partial+0xd/0x20
 ? _raw_spin_lock_irqsave+0x26/0x50
 schedule+0x4e/0xc0
 __lock_sock+0x69/0x90
 ? do_wait_intr_irq+0xa0/0xa0
 __lock_sock_fast+0x35/0x50
 mptcp_sockopt_sync_all+0x38/0xc0
 __mptcp_push_pending+0x105/0x200
 mptcp_sendmsg+0x466/0x490
 sock_sendmsg+0x57/0x60
 __sys_sendto+0xf0/0x160
 ? do_wait_intr_irq+0xa0/0xa0
 ? fpregs_restore_userregs+0x12/0xd0
 __x64_sys_sendto+0x20/0x30
 do_syscall_64+0x38/0x90
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f9ba546c2d0
RSP: 002b:00007ffdc3b762d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f9ba56c8060 RCX: 00007f9ba546c2d0
RDX: 000000000000077a RSI: 0000000000e5e180 RDI: 0000000000000234
RBP: 0000000000cc57f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ba56c8060
R13: 0000000000b6ba60 R14: 0000000000cc7840 R15: 41d8685b1d7901b8
 </TASK>

Fix the issue by using __mptcp_flush_join_list() instead of plain mptcp_flush_join_list() inside __mptcp_push_pending(), as suggested by Florian. The sockopt sync will be deferred to the workqueue.
AI Analysis
Technical Summary
CVE-2021-47590 is a deadlock in the Linux kernel's implementation of Multipath TCP (MPTCP), specifically within the __mptcp_push_pending() function. MPTCP is an extension of the traditional TCP protocol that allows a single TCP connection to use multiple paths to maximize resource usage and increase redundancy.

The deadlock can occur when __mptcp_push_pending() calls mptcp_flush_join_list() while holding a subflow socket lock. If that call reaches mptcp_sockopt_sync_all(), which subsequently invokes __mptcp_sockopt_sync(), the latter may attempt to acquire the same subflow socket lock again. The affected process or kernel thread can then hang indefinitely, impacting system responsiveness and potentially leading to denial of service (DoS) conditions.

The fix changes __mptcp_push_pending() to use __mptcp_flush_join_list() instead of the plain mptcp_flush_join_list() and defers the socket option synchronization to a workqueue, which avoids the lock contention and the deadlock. The vulnerability does not appear to have known exploits in the wild, and it affects specific Linux kernel versions identified by commit hashes. No CVSS score has been assigned yet, but the technical details and the patching approach indicate a concurrency and synchronization flaw within the kernel's networking stack.
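The locking pattern described above, reduced to a userspace model (an added example, not code from the kernel or from this advisory). The struct and function names are hypothetical, and -EDEADLK stands in for the point where the kernel task would sleep forever.

```c
/* Userspace model of the lock pattern, not kernel code; names are hypothetical. */
#include <errno.h>
#include <stdbool.h>

struct subflow { bool locked; int syncs; };
struct msk { struct subflow ssk; bool join_pending, sync_deferred; };

/* Non-recursive lock; -EDEADLK stands in for the kernel sleeping forever. */
static int lock_ssk(struct subflow *s)
{
    int err = s->locked ? -EDEADLK : 0;
    s->locked = true;
    return err;
}

/* Socket-option sync takes the subflow lock for itself. */
static int sockopt_sync_all(struct msk *m)
{
    if (lock_ssk(&m->ssk))
        return -EDEADLK;
    m->ssk.syncs++;
    m->ssk.locked = false;
    return 0;
}

/* defer=false: pre-fix shape, the sync runs inline under the subflow lock.
 * defer=true: post-fix shape, the sync is only flagged for the worker. */
int push_pending(struct msk *m, bool defer)
{
    int err = lock_ssk(&m->ssk);
    if (err)
        return err;
    if (m->join_pending) {
        m->join_pending = false;        /* join list flushed */
        m->sync_deferred = defer;
        if (!defer)
            err = sockopt_sync_all(m);  /* second acquire: -EDEADLK */
    }
    m->ssk.locked = false;
    return err;
}

/* Worker context: no subflow lock is held, so the sync can take it. */
int worker_run(struct msk *m)
{
    bool todo = m->sync_deferred;
    m->sync_deferred = false;
    return todo ? sockopt_sync_all(m) : 0;
}
```

Calling push_pending() with defer=false on a msk that has a pending join returns -EDEADLK; with defer=true it returns 0 and the sync completes later in worker_run().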
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running vulnerable Linux kernel versions with MPTCP enabled or in use. The deadlock can cause critical network services relying on MPTCP to become unresponsive, potentially disrupting applications that depend on high availability and network redundancy, such as cloud services, telecommunications infrastructure, and enterprise networking solutions. Organizations utilizing Linux-based servers, especially those in telecommunications, cloud providers, and data centers, may experience service degradation or outages if the deadlock is triggered. While the vulnerability does not directly lead to privilege escalation or data leakage, the denial of service impact can affect business continuity and operational stability. Given the widespread use of Linux in European IT infrastructure, particularly in sectors like finance, government, and critical infrastructure, the vulnerability could have a broad operational impact if exploited or triggered inadvertently.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Identify and inventory Linux systems running kernel versions affected by CVE-2021-47590, focusing on those with MPTCP enabled or in use.
2) Apply the official Linux kernel patches that address this deadlock issue as soon as they become available, or upgrade to a kernel version that includes the fix.
3) If immediate patching is not feasible, consider disabling MPTCP functionality temporarily to prevent the deadlock scenario, understanding the trade-offs in network performance and redundancy.
4) Monitor system logs and kernel messages for signs of deadlocks or hangs related to MPTCP socket operations.
5) Implement robust system and network monitoring to detect unusual service interruptions that could indicate triggering of this vulnerability.
6) Engage with Linux distribution vendors for backported patches and security advisories relevant to their specific kernel versions.
These steps go beyond generic advice by focusing on MPTCP-specific configurations and kernel-level patch management.
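For step 4, a small scanner for blocked-task reports that carry this bug's signature (an added example, not part of the original advisory). The sample log is constructed from the trace quoted in the description plus an invented unrelated task, and count_mptcp_lock_hangs() is a hypothetical name.

```c
/* Added triage example; function name and sample log are constructed here. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the advisory's blocked-task report (trimmed), followed
 * by an invented, unrelated blocked task that must not match. */
static const char SAMPLE_LOG[] =
    "task:ss-server state:D stack: 0 pid: 938 ppid: 1 flags:0x00000000\n"
    " __lock_sock+0x69/0x90\n"
    " ? do_wait_intr_irq+0xa0/0xa0\n"
    " __lock_sock_fast+0x35/0x50\n"
    " mptcp_sockopt_sync_all+0x38/0xc0\n"
    " __mptcp_push_pending+0x105/0x200\n"
    " mptcp_sendmsg+0x466/0x490\n"
    "task:backup state:D stack: 0 pid: 77 ppid: 1 flags:0x00000000\n"
    " io_schedule+0x12/0x40\n";

/* Count state:D tasks whose trace shows, innermost first, __lock_sock under
 * mptcp_sockopt_sync_all under __mptcp_push_pending. Frames marked "? " are
 * unreliable stack leftovers and are skipped. */
int count_mptcp_lock_hangs(const char *log)
{
    int hits = 0;
    bool blocked = false, in_lock = false, in_sync = false, in_push = false;

    for (const char *p = log; *p; ) {
        size_t n = strcspn(p, "\n");
        char line[256] = "";
        memcpy(line, p, n < sizeof line - 1 ? n : sizeof line - 1);
        p += n + (p[n] == '\n');
        if (strstr(line, "task:")) {            /* header of the next task */
            hits += blocked && in_push;
            blocked = strstr(line, "state:D") != NULL;
            in_lock = in_sync = in_push = false;
        } else if (blocked && !strstr(line, "? ")) {
            in_lock |= strstr(line, "__lock_sock+") != NULL;
            in_sync |= in_lock && strstr(line, "mptcp_sockopt_sync_all+");
            in_push |= in_sync && strstr(line, "__mptcp_push_pending+");
        }
    }
    return hits + (blocked && in_push);
}

int main(void)
{
    printf("matching blocked tasks: %d\n", count_mptcp_lock_hangs(SAMPLE_LOG));
    return 0;
}
```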
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-24T15:11:00.733Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe953c
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 2:58:32 PM
Last updated: 8/14/2025, 11:59:48 PM