CVE & CISA-KEV Catalog

CVE-2021-47408

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups Syzbot was able to trigger the following warning [1] No repro found by syzbot yet but I was able to trigger similar issue by having 2 scripts running in parallel, changing conntrack hash sizes, and: for j in `seq 1 1000` ; do unshare -n /bin/true >/dev/null ; done It would take more than 5 minutes for net_namespace structures to be cleaned up. This is because nf_ct_iterate_cleanup() has to restart everytime a resize happened. By adding a mutex, we can serialize hash resizes and cleanups and also make get_next_corpse() faster by skipping over empty buckets. Even without resizes in the picture, this patch considerably speeds up network namespace dismantles. [1] INFO: task syz-executor.0:8312 can't die for more than 144 seconds. task:syz-executor.0 state:R running task stack:25672 pid: 8312 ppid: 6573 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:4955 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6236 preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6408 preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:35 __local_bh_enable_ip+0x109/0x120 kernel/softirq.c:390 local_bh_enable include/linux/bottom_half.h:32 [inline] get_next_corpse net/netfilter/nf_conntrack_core.c:2252 [inline] nf_ct_iterate_cleanup+0x15a/0x450 net/netfilter/nf_conntrack_core.c:2275 nf_conntrack_cleanup_net_list+0x14c/0x4f0 net/netfilter/nf_conntrack_core.c:2469 ops_exit_list+0x10d/0x160 net/core/net_namespace.c:171 setup_net+0x639/0xa30 net/core/net_namespace.c:349 copy_net_ns+0x319/0x760 net/core/net_namespace.c:470 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226 ksys_unshare+0x445/0x920 kernel/fork.c:3128 __do_sys_unshare kernel/fork.c:3202 [inline] __se_sys_unshare kernel/fork.c:3200 [inline] __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3200 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f63da68e739 RSP: 002b:00007f63d7c05188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00007f63da792f80 RCX: 00007f63da68e739 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f63da6e8cc4 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f63da792f80 R13: 00007fff50b75d3f R14: 00007f63d7c05300 R15: 0000000000022000 Showing all locks held in the system: 1 lock held by khungtaskd/27: #0: ffffffff8b980020 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446 2 locks held by kworker/u4:2/153: #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2268 #1: ffffc9000140fdb0 ((kfence_timer).work){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2272 1 lock held by systemd-udevd/2970: 1 lock held by in:imklog/6258: #0: ffff88807f970ff0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990 3 locks held by kworker/1:6/8158: 1 lock held by syz-executor.0/8312: 2 locks held by kworker/u4:13/9320: 1 lock held by ---truncated---

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.84-1CVE-2021-47408
Fixed in:5.14.12-1CVE-2021-47408
Fixed in:5.14.12-1CVE-2021-47408
Fixed in:5.14.12-1CVE-2021-47408
bpftoolRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
bpftoolRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
bpftool-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
bpftool-debuginfoRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernelRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernelRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-abi-stablelistsRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-abi-stablelistsRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-coreRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-coreRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debugRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debugRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debug-coreRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debug-coreRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debug-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debug-debuginfoRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debug-develRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debug-develRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debug-modulesRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debug-modulesRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debug-modules-extraRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debug-modules-extraRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debuginfoRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debuginfo-common-aarch64Red Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debuginfo-common-aarch64Rocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debuginfo-common-ppc64leRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debuginfo-common-ppc64leRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debuginfo-common-s390xRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debuginfo-common-s390xRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debuginfo-common-x86_64Red Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-debuginfo-common-x86_64Rocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-develRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-develRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-docRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-docRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-modulesRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-modulesRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-modules-extraRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-modules-extraRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-rtRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rtRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-coreRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-coreRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debugRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debugRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-coreRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-coreRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-debuginfoRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-develRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-develRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-kvmRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-kvmRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-modulesRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-modulesRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-modules-extraRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debug-modules-extraRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debuginfoRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debuginfo-common-x86_64Red Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-debuginfo-common-x86_64Rocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-develRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-develRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-kvmRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-kvmRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-modulesRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-modulesRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-modules-extraRocky
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-rt-modules-extraRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:5102
kernel-toolsRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-toolsRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-tools-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-tools-debuginfoRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-tools-libsRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-tools-libsRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-tools-libs-develRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-tools-libs-develRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdumpRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdumpRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdump-coreRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdump-coreRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdump-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdump-debuginfoRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdump-develRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdump-develRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdump-modulesRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdump-modulesRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdump-modules-extraRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
kernel-zfcpdump-modules-extraRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
perfRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
perfRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
perf-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
perf-debuginfoRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
python3-perfRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
python3-perfRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
python3-perf-debuginfoRocky
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
python3-perf-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101
Fixed in:0:4.18.0-553.16.1.el8_10RHSA-2024:5101

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.25%probability of exploitation in 30 days
17thpercentile

Low risk: more likely to be exploited than 17% of all known CVEs.

References

Embed a live status badge for CVE-2021-47408
CVE-2021-47408 severity badge

Markdown

[![CVE-2021-47408](https://tridentstack.com/cve/badge/CVE-2021-47408.svg)](https://tridentstack.com/cve/CVE-2021-47408)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-47408"><img src="https://tridentstack.com/cve/badge/CVE-2021-47408.svg" alt="CVE-2021-47408"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-09-25.