What is CVE-2021-47124?

CVE-2021-47124 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2021-47124 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2021-47124?

CVE-2021-47124 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2021-47124?

No patch is currently available for CVE-2021-47124. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2021-47124 actively exploited?

CVE-2021-47124 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2021-47124

Medium

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix link timeout refs WARNING: CPU: 0 PID: 10242 at lib/refcount.c:28 refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28 RIP: 0010:refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28 Call Trace: __refcount_sub_and_test include/linux/refcount.h:283 [inline] __refcount_dec_and_test include/linux/refcount.h:315 [inline] refcount_dec_and_test include/linux/refcount.h:333 [inline] io_put_req fs/io_uring.c:2140 [inline] io_queue_linked_timeout fs/io_uring.c:6300 [inline] __io_queue_sqe+0xbef/0xec0 fs/io_uring.c:6354 io_submit_sqe fs/io_uring.c:6534 [inline] io_submit_sqes+0x2bbd/0x7c50 fs/io_uring.c:6660 __do_sys_io_uring_enter fs/io_uring.c:9240 [inline] __se_sys_io_uring_enter+0x256/0x1d60 fs/io_uring.c:9182 io_link_timeout_fn() should put only one reference of the linked timeout request, however in case of racing with the master request's completion first io_req_complete() puts one and then io_put_req_deferred() is called.

Package Linux Kernel

Published 2024-03-15

Last modified 2025-03-13

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2021-47124 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0b2a990e5d2f76d020cb840c456e6ec5f0c27530
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6f5d7a45f58d3abe3a936de1441b8d6318f978ff
Patch
Kernel patch commit
https://git.kernel.org/stable/c/876808dba2ff7509bdd7f230c4f374a0caf4f410
Patch

5 patch commits total View all on NVD

Details

CVE ID CVE-2021-47124

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-03-15

Modified 2025-03-13

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2021-47124?

CVE-2021-47124 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2021-47124 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2021-47124?

CVE-2021-47124 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2021-47124?

No patch is currently available for CVE-2021-47124. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2021-47124 actively exploited?

No — CVE-2021-47124 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.