HOMEVULNERABILITIESCVE-2021-47242
HIGH

CVE-2021-47242

CWE-667Published: May 21, 2024· Updated: Jun 17, 2026

7.8
CVSS v3.1

Official Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix soft lookup in subflow_error_report()

Maxim reported a soft lookup in subflow_error_report():

watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0]

RIP: 0010:native_queued_spin_lock_slowpath

RSP: 0018:ffffa859c0003bc0 EFLAGS: 00000202

RAX: 0000000000000101 RBX: 0000000000000001 RCX: 0000000000000000

RDX: ffff9195c2772d88 RSI: 0000000000000000 RDI: ffff9195c2772d88

RBP: ffff9195c2772d00 R08: 00000000000067b0 R09: c6e31da9eb1e44f4

R10: ffff9195ef379700 R11: ffff9195edb50710 R12: ffff9195c2772d88

R13: ffff9195f500e3d0 R14: ffff9195ef379700 R15: ffff9195ef379700

FS: 0000000000000000(0000) GS:ffff91961f400000(0000) knlGS:0000000000000000

CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033

CR2: 000000c000407000 CR3: 0000000002988000 CR4: 00000000000006f0

Call Trace:

<IRQ>

_raw_spin_lock_bh

subflow_error_report

mptcp_subflow_data_available

__mptcp_move_skbs_from_subflow

mptcp_data_ready

tcp_data_queue

tcp_rcv_established

tcp_v4_do_rcv

tcp_v4_rcv

ip_protocol_deliver_rcu

ip_local_deliver_finish

__netif_receive_skb_one_core

netif_receive_skb

rtl8139_poll 8139too

__napi_poll

net_rx_action

__do_softirq

__irq_exit_rcu

common_interrupt

</IRQ>

The calling function - mptcp_subflow_data_available() - can be invoked

from different contexts:

- plain ssk socket lock

- ssk socket lock + mptcp_data_lock

- ssk socket lock + mptcp_data_lock + msk socket lock.

Since subflow_error_report() tries to acquire the mptcp_data_lock, the

latter two call chains will cause soft lookup.

This change addresses the issue moving the error reporting call to

outer functions, where the held locks list is known and the we can

acquire only the needed one.

NVD Source

Technical Analysis

CVE-2021-47242 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation does not require any privileges, though user interaction (Required) is needed, which slightly reduces the risk of mass automated attacks.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.8.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.None
User InteractionRequired
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Vendors & Products

Linux1 product(s)
linux kernel
Source: NVD CPE · 2 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (4)

Quick Facts

CVE IDCVE-2021-47242
CVSS Score7.8 / 10
SeverityHIGH
WeaknessCWE-667
CISA KEVNo
Affected1 vendor(s)
PublishedMay 21, 2024

Related CVEs (CWE-667)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2021-47242 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.