CVE-2021-47392 – This vulnerability in the Linux kernel's RDMA/C... (How to Fix)

Q: What is the severity of CVE-2021-47392?

CVE-2021-47392 has a CVSS score of 5.5 (MEDIUM). This vulnerability in the Linux kernel's RDMA/CMA subsystem causes a resource leak and potential deadlock when rdma_cma_listen_on_all() fails. It affects systems using RDMA (Remote Direct Memory Access) functionality, particularly in high-performance computing and data center environments. The issue prevents proper cleanup of connection IDs, leading to resource exhaustion.

📋 TL;DR

This vulnerability in the Linux kernel's RDMA/CMA subsystem causes a resource leak and potential deadlock when rdma_cma_listen_on_all() fails. It affects systems using RDMA (Remote Direct Memory Access) functionality, particularly in high-performance computing and data center environments. The issue prevents proper cleanup of connection IDs, leading to resource exhaustion.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions with the vulnerable RDMA/CMA code (specific versions not provided in CVE, but patches exist for stable branches)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if RDMA functionality is enabled and used. Most desktop systems are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System deadlock requiring reboot, denial of service for RDMA services, and potential resource exhaustion affecting other system functions.

🟠

Likely Case

RDMA service degradation or failure, connection timeouts, and reduced system performance due to resource leaks.

🟢

If Mitigated

Minimal impact if RDMA is not used or if affected systems are isolated from untrusted networks.

🌐 Internet-Facing: LOW - RDMA services are typically deployed in internal networks and not exposed to the internet.

🏢 Internal Only: MEDIUM - Affects internal systems using RDMA, particularly in data centers and HPC clusters.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires triggering specific failure conditions in RDMA connection setup, making it difficult to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel branches (commits: 3f4e68902d2e545033c80d7ad62fd9a439e573f4, ca465e1f1f9b38fe916a36f7d80c5d25f2337c81, e56a5146ef8cb51cd7c9e748267dce7564448a35)

Vendor Advisory: https://git.kernel.org/stable/c/3f4e68902d2e545033c80d7ad62fd9a439e573f4

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. Check with your distribution for backported patches. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable RDMA

linux

Disable RDMA functionality if not required

modprobe -r rdma_cm
echo 'blacklist rdma_cm' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

Restrict RDMA usage to trusted internal networks only
Monitor system for RDMA connection failures and restart services if degradation occurs

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if RDMA modules are loaded: lsmod | grep rdma_cm

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check dmesg for RDMA errors after update

📡 Detection & Monitoring

Log Indicators:

Kernel logs showing RDMA connection failures
System logs with process deadlocks involving RDMA services

Network Indicators:

RDMA connection timeouts
Increased latency in RDMA communications

SIEM Query:

Process:name=rping AND State:Deadlock OR LogSource:kernel AND Message:*RDMA* AND (Error OR Fail*)

📊 Metadata

CVE ID: CVE-2021-47392

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

Published: May 21, 2024

Last Updated: September 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47392, you might also want to check these: