Login Sign Up

CVE-2021-47555

5.5 MEDIUM
Denial of Service

📋 TL;DR

A Linux kernel vulnerability in the VLAN subsystem causes a reference counter underflow when removing a physical network device that has VLAN interfaces. This leads to memory leaks and system instability, affecting Linux systems using VLAN configurations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected kernel versions not explicitly stated in CVE, but fix commits target stable kernel branches.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when VLAN interfaces are configured and the underlying physical device is removed.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash due to memory corruption, potentially causing denial of service and requiring physical reboot.

🟠

Likely Case

System instability, memory leaks, and denial of service on affected VLAN interfaces.

🟢

If Mitigated

Minimal impact if VLAN configurations are not used or if systems are patched.

🌐 Internet-Facing: LOW - Requires local access or specific network configuration manipulation.
🏢 Internal Only: MEDIUM - Can affect internal systems with VLAN configurations, potentially causing service disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to create/remove network interfaces. Not remotely exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 01d9cc2dea3fde3bad6d27f464eff463496e2b00, 5e44178864b38dd70b877985abd7d86fdb95f27d, 6e800ee43218a56acc93676bbb3d93b74779e555, f7fc72a508cf115c273a7a29350069def1041890

Vendor Advisory: https://git.kernel.org/stable/c/01d9cc2dea3fde3bad6d27f464eff463496e2b00

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Avoid VLAN interface removal

linux

Prevent removal of physical network devices that have VLAN interfaces configured.

🧯 If You Can't Patch

  • Avoid creating or removing VLAN interfaces on production systems
  • Implement strict access controls to prevent unauthorized network interface manipulation

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from your distribution. Vulnerable if using unpatched kernel with VLAN support.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or is newer than patched versions from your distribution.

📡 Detection & Monitoring

Log Indicators:

  • Kernel warnings about refcount underflow
  • Messages about 'refcount_t: decrement hit 0'
  • Network device removal errors

Network Indicators:

  • Unexpected VLAN interface failures
  • Network connectivity loss on VLAN interfaces

SIEM Query:

Search for kernel logs containing 'refcount_warn_saturate' or 'refcount_t: decrement hit 0'

📊 Metadata

CVE ID: CVE-2021-47555
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-191
Published: May 24, 2024
Last Updated: September 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47555, you might also want to check these:

CVE-2025-29909 9.8

A heap buffer overflow vulnerability in CryptoLib's Crypto_TC_ApplySecurity() function allows attack...

Same vulnerability type (CWE-191)
CVE-2020-3691 9.8

This vulnerability allows integer underflow in Qualcomm Snapdragon audio processing, potentially lea...

Same vulnerability type (CWE-191)
CVE-2023-21708 9.8

This is a critical Remote Procedure Call Runtime vulnerability that allows unauthenticated attackers...

Same vulnerability type (CWE-191)