What is CVE-2021-47412?

CVE-2021-47412 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2021-47412 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2021-47412?

CVE-2021-47412 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2021-47412?

No patch is currently available for CVE-2021-47412. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2021-47412 actively exploited?

CVE-2021-47412 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2021-47412

Medium

In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: 1) rq_qos_done_bio() needn't to be called for bio based driver 2) rq_qos_done_bio() needn't to be called for bio which isn't tracked, such as bios ended from error handling code. Especially in bio_endio(): 1) request queue is referred via bio->bi_bdev->bd_disk->queue, which may be gone since request queue refcount may not be held in above two cases 2) q->rq_qos may be freed in blk_cleanup_queue() when calling into __rq_qos_done_bio() Fix the potential kernel panic by not calling rq_qos_ops->done_bio if the bio isn't tracked. This way is safe because both ioc_rqos_done_bio() and blkcg_iolatency_done_bio() are nop if the bio isn't tracked.

Package Linux Kernel

Published 2024-05-21

Last modified 2025-11-03

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2021-47412 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Kernel patch commit
https://git.kernel.org/stable/c/004b8f8a691205a93d9e80d98b786b2b97424d6e
Patch
Kernel patch commit
https://git.kernel.org/stable/c/a647a524a46736786c95cdb553a070322ca096e3
Patch
Kernel patch commit
https://git.kernel.org/stable/c/db60edbfff332a6a5477c367af8125f034570989
Patch

Details

CVE ID CVE-2021-47412

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-05-21

Modified 2025-11-03

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2021-47412?

CVE-2021-47412 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2021-47412 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2021-47412?

CVE-2021-47412 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2021-47412?

No patch is currently available for CVE-2021-47412. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2021-47412 actively exploited?

No — CVE-2021-47412 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.