{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47001", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.950Z", "datePublished": "2024-02-28T08:13:23.482Z", "dateUpdated": "2025-05-04T12:40:48.260Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:40:48.260Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: Fix cwnd update ordering\n\nAfter a reconnect, the reply handler is opening the cwnd (and thus\nenabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs()\ncan post enough Receive WRs to receive their replies. This causes an\nRNR and the new connection is lost immediately.\n\nThe race is most clearly exposed when KASAN and disconnect injection\nare enabled. This slows down rpcrdma_rep_create() enough to allow\nthe send side to post a bunch of RPC Calls before the Receive\ncompletion handler can invoke ib_post_recv()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sunrpc/xprtrdma/rpc_rdma.c", "net/sunrpc/xprtrdma/verbs.c", "net/sunrpc/xprtrdma/xprt_rdma.h"], "versions": [{"version": "2ae50ad68cd79224198b525f7bd645c9da98b6ff", "lessThan": "eddae8be7944096419c2ae29477a45f767d0fcd4", "status": "affected", "versionType": "git"}, {"version": "2ae50ad68cd79224198b525f7bd645c9da98b6ff", "lessThan": "8834ecb5df22b7ff3c9b0deba7726579bb613f95", "status": "affected", "versionType": "git"}, {"version": "2ae50ad68cd79224198b525f7bd645c9da98b6ff", "lessThan": "19b5fa9489b5706bc878c3a522a7f771079e2fa0", "status": "affected", "versionType": "git"}, {"version": "2ae50ad68cd79224198b525f7bd645c9da98b6ff", "lessThan": "35d8b10a25884050bb3b0149b62c3818ec59f77c", "status": "affected", "versionType": "git"}, {"version": "3791c5982ba1eebf2900ee7ca7b9a89619c26d54", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sunrpc/xprtrdma/rpc_rdma.c", "net/sunrpc/xprtrdma/verbs.c", "net/sunrpc/xprtrdma/xprt_rdma.h"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.38", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.22", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.5", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.38"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.11.22"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.12.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/eddae8be7944096419c2ae29477a45f767d0fcd4"}, {"url": "https://git.kernel.org/stable/c/8834ecb5df22b7ff3c9b0deba7726579bb613f95"}, {"url": "https://git.kernel.org/stable/c/19b5fa9489b5706bc878c3a522a7f771079e2fa0"}, {"url": "https://git.kernel.org/stable/c/35d8b10a25884050bb3b0149b62c3818ec59f77c"}], "title": "xprtrdma: Fix cwnd update ordering", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47001", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T16:58:29.225383Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:14:54.379Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/eddae8be7944096419c2ae29477a45f767d0fcd4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8834ecb5df22b7ff3c9b0deba7726579bb613f95", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/19b5fa9489b5706bc878c3a522a7f771079e2fa0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/35d8b10a25884050bb3b0149b62c3818ec59f77c", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20250411-0001/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-04-11T22:03:12.324Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/eddae8be7944096419c2ae29477a45f767d0fcd4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8834ecb5df22b7ff3c9b0deba7726579bb613f95", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/19b5fa9489b5706bc878c3a522a7f771079e2fa0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/35d8b10a25884050bb3b0149b62c3818ec59f77c", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20250411-0001/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-04-11T22:03:12.324Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47001", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T16:58:29.225383Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:15.443Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "xprtrdma: Fix cwnd update ordering", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2ae50ad68cd79224198b525f7bd645c9da98b6ff", "lessThan": "eddae8be7944096419c2ae29477a45f767d0fcd4", "versionType": "git"}, {"status": "affected", "version": "2ae50ad68cd79224198b525f7bd645c9da98b6ff", "lessThan": "8834ecb5df22b7ff3c9b0deba7726579bb613f95", "versionType": "git"}, {"status": "affected", "version": "2ae50ad68cd79224198b525f7bd645c9da98b6ff", "lessThan": "19b5fa9489b5706bc878c3a522a7f771079e2fa0", "versionType": "git"}, {"status": "affected", "version": "2ae50ad68cd79224198b525f7bd645c9da98b6ff", "lessThan": "35d8b10a25884050bb3b0149b62c3818ec59f77c", "versionType": "git"}, {"status": "affected", "version": "3791c5982ba1eebf2900ee7ca7b9a89619c26d54", "versionType": "git"}], "programFiles": ["net/sunrpc/xprtrdma/rpc_rdma.c", "net/sunrpc/xprtrdma/verbs.c", "net/sunrpc/xprtrdma/xprt_rdma.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.5"}, {"status": "unaffected", "version": "0", "lessThan": "5.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.38", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.22", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.5", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/sunrpc/xprtrdma/rpc_rdma.c", "net/sunrpc/xprtrdma/verbs.c", "net/sunrpc/xprtrdma/xprt_rdma.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/eddae8be7944096419c2ae29477a45f767d0fcd4"}, {"url": "https://git.kernel.org/stable/c/8834ecb5df22b7ff3c9b0deba7726579bb613f95"}, {"url": "https://git.kernel.org/stable/c/19b5fa9489b5706bc878c3a522a7f771079e2fa0"}, {"url": "https://git.kernel.org/stable/c/35d8b10a25884050bb3b0149b62c3818ec59f77c"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: Fix cwnd update ordering\n\nAfter a reconnect, the reply handler is opening the cwnd (and thus\nenabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs()\ncan post enough Receive WRs to receive their replies. This causes an\nRNR and the new connection is lost immediately.\n\nThe race is most clearly exposed when KASAN and disconnect injection\nare enabled. This slows down rpcrdma_rep_create() enough to allow\nthe send side to post a bunch of RPC Calls before the Receive\ncompletion handler can invoke ib_post_recv()."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.38", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.11.22", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.13", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "5.4.13"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:40:48.260Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47001", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:40:48.260Z", "dateReserved": "2024-02-27T18:42:55.950Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-28T08:13:23.482Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BB4E5E8-4AAD-475A-A1B9-F287254C7D72", "versionEndExcluding": "5.10.38", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E", "versionEndExcluding": "5.11.22", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: Fix cwnd update ordering\n\nAfter a reconnect, the reply handler is opening the cwnd (and thus\nenabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs()\ncan post enough Receive WRs to receive their replies. This causes an\nRNR and the new connection is lost immediately.\n\nThe race is most clearly exposed when KASAN and disconnect injection\nare enabled. This slows down rpcrdma_rep_create() enough to allow\nthe send side to post a bunch of RPC Calls before the Receive\ncompletion handler can invoke ib_post_recv()."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: xprtrdma: corrige el orden de actualizaci\u00f3n de cwnd Despu\u00e9s de una reconexi\u00f3n, el controlador de respuesta abre cwnd (y as\u00ed permite que se env\u00eden m\u00e1s llamadas RPC) /antes/ rpcrdma_post_recvs() puede publicar suficiente recepci\u00f3n WR para recibir sus respuestas. Esto provoca un RNR y la nueva conexi\u00f3n se pierde inmediatamente. La ejecuci\u00f3n se expone m\u00e1s claramente cuando KASAN y la inyecci\u00f3n de desconexi\u00f3n est\u00e1n habilitados. Esto ralentiza rpcrdma_rep_create() lo suficiente como para permitir que el lado de env\u00edo publique un mont\u00f3n de llamadas RPC antes de que el controlador de finalizaci\u00f3n de recepci\u00f3n pueda invocar ib_post_recv()."}], "id": "CVE-2021-47001", "lastModified": "2025-04-11T22:15:28.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-02-28T09:15:38.213", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/19b5fa9489b5706bc878c3a522a7f771079e2fa0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/35d8b10a25884050bb3b0149b62c3818ec59f77c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8834ecb5df22b7ff3c9b0deba7726579bb613f95"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/eddae8be7944096419c2ae29477a45f767d0fcd4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/19b5fa9489b5706bc878c3a522a7f771079e2fa0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/35d8b10a25884050bb3b0149b62c3818ec59f77c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8834ecb5df22b7ff3c9b0deba7726579bb613f95"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/eddae8be7944096419c2ae29477a45f767d0fcd4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20250411-0001/"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: xprtrdma: Fix cwnd update ordering", "id": "2266869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266869"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nxprtrdma: Fix cwnd update ordering\nAfter a reconnect, the reply handler is opening the cwnd (and thus\nenabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs()\ncan post enough Receive WRs to receive their replies. This causes an\nRNR and the new connection is lost immediately.\nThe race is most clearly exposed when KASAN and disconnect injection\nare enabled. This slows down rpcrdma_rep_create() enough to allow\nthe send side to post a bunch of RPC Calls before the Receive\ncompletion handler can invoke ib_post_recv()."], "name": "CVE-2021-47001", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47001\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47001\nhttps://lore.kernel.org/linux-cve-announce/2024022828-CVE-2021-47001-0e51@gregkh/T/#u"], "threat_severity": "Low"}