What is CVE-2021-47491?

CVE-2021-47491 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2021-47491 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2021-47491?

CVE-2021-47491 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2021-47491?

No patch is currently available for CVE-2021-47491. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2021-47491 actively exploited?

CVE-2021-47491 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2021-47491

Medium

In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will collapse THP for files opened readonly and mapped with VM_EXEC. The intended usecase is to avoid TLB misses for large text segments. But it doesn't restrict the file types so a THP could be collapsed for a non-regular file, for example, block device, if it is opened readonly and mapped with EXEC permission. This may cause bugs, like [1] and [2]. This is definitely not the intended usecase, so just collapse THP for regular files in order to close the attack surface. [[email protected]: fix vm_file check [3]]

Package Linux Kernel

Published 2024-05-22

Last modified 2025-09-29

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2021-47491 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/5fcb6fce74ffa614d964667110cf1a516c48c6d9
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6d67b2a73b8e3a079c355bab3c1aef7d85a044b8
Patch
Kernel patch commit
https://git.kernel.org/stable/c/a4aeaa06d45e90f9b279f0b09de84bd00006e733
Patch

Details

CVE ID CVE-2021-47491

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-05-22

Modified 2025-09-29

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2021-47491?

CVE-2021-47491 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2021-47491 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2021-47491?

CVE-2021-47491 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2021-47491?

No patch is currently available for CVE-2021-47491. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2021-47491 actively exploited?

No — CVE-2021-47491 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.