What is CVE-2021-47555?

CVE-2021-47555 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2021-47555 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2021-47555?

CVE-2021-47555 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2021-47555?

No patch is currently available for CVE-2021-47555. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2021-47555 actively exploited?

CVE-2021-47555 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2021-47555

Medium

In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the real_dev refcnt Inject error before dev_hold(real_dev) in register_vlan_dev(), and execute the following testcase: ip link add dev dummy1 type dummy ip link add name dummy1.100 link dummy1 type vlan id 100 ip link del dev dummy1 When the dummy netdevice is removed, we will get a WARNING as following: ======================================================================= refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 2 PID: 0 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 and an endless loop of: ======================================================================= unregister_netdevice: waiting for dummy1 to become free. Usage count = -1073741824 That is because dev_put(real_dev) in vlan_dev_free() be called without dev_hold(real_dev) in register_vlan_dev(). It makes the refcnt of real_dev underflow. Move the dev_hold(real_dev) to vlan_dev_init() which is the call-back of ndo_init(). That makes dev_hold() and dev_put() for vlan's real_dev symmetrical.

Package Linux Kernel

Published 2024-05-24

Last modified 2025-09-18

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-191

CVE-2021-47555 is classified as CWE-191

See CWE-191 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2021-47555 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/01d9cc2dea3fde3bad6d27f464eff463496e2b00
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5e44178864b38dd70b877985abd7d86fdb95f27d
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6e800ee43218a56acc93676bbb3d93b74779e555
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2021-47555

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-05-24

Modified 2025-09-18

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2021-47555?

CVE-2021-47555 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2021-47555 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2021-47555?

CVE-2021-47555 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2021-47555?

No patch is currently available for CVE-2021-47555. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2021-47555 actively exploited?

No — CVE-2021-47555 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.