LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47015: bnxt_en: Fix RX consumer index logic in the error path.

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RX consumer index logic in the error path. In bnxt_rx_pkt(), the RX buffers are expected to complete in order. If the RX consumer index indicates an out of order buffer completion, it means we are hitting a hardware bug and the driver will abort all remaining RX packets and reset the RX ring. The RX consumer index that we pass to bnxt_discard_rx() is not correct. We should be passing the current index (tmp_raw_cons) instead of the old index (raw_cons). This bug can cause us to be at the wrong index when trying to abort the next RX packet. It can crash like this: #0 [ffff9bbcdf5c39a8] machine_kexec at ffffffff9b05e007 #1 [ffff9bbcdf5c3a00] __crash_kexec at ffffffff9b111232 #2 [ffff9bbcdf5c3ad0] panic at ffffffff9b07d61e #3 [ffff9bbcdf5c3b50] oops_end at ffffffff9b030978 #4 [ffff9bbcdf5c3b78] no_context at ffffffff9b06aaf0 #5 [ffff9bbcdf5c3bd8] __bad_area_nosemaphore at ffffffff9b06ae2e #6 [ffff9bbcdf5c3c28] bad_area_nosemaphore at ffffffff9b06af24 #7 [ffff9bbcdf5c3c38] __do_page_fault at ffffffff9b06b67e #8 [ffff9bbcdf5c3cb0] do_page_fault at ffffffff9b06bb12 #9 [ffff9bbcdf5c3ce0] page_fault at ffffffff9bc015c5 [exception RIP: bnxt_rx_pkt+237] RIP: ffffffffc0259cdd RSP: ffff9bbcdf5c3d98 RFLAGS: 00010213 RAX: 000000005dd8097f RBX: ffff9ba4cb11b7e0 RCX: ffffa923cf6e9000 RDX: 0000000000000fff RSI: 0000000000000627 RDI: 0000000000001000 RBP: ffff9bbcdf5c3e60 R8: 0000000000420003 R9: 000000000000020d R10: ffffa923cf6ec138 R11: ffff9bbcdf5c3e83 R12: ffff9ba4d6f928c0 R13: ffff9ba4cac28080 R14: ffff9ba4cb11b7f0 R15: ffff9ba4d5a30000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2021-47015 is a Linux kernel bug in the bnxt_en network receive path. When receive buffers complete out of order, the driver can discard from the wrong index and crash the kernel. The main business risk is availability loss on affected Linux systems using this driver path.

Executive priority

Medium priority. Patch during the next controlled kernel maintenance window, faster for internet-facing or high-availability systems that use this driver. There is no source-backed evidence of active exploitation, but a kernel crash can still cause service interruption.

Technical view

In bnxt_rx_pkt(), the RX error path passed raw_cons to bnxt_discard_rx() instead of tmp_raw_cons. During out-of-order RX buffer completion, described as a hardware bug condition, the driver may abort the wrong RX packet and hit a page fault in bnxt_rx_pkt().

Likely exposure

Exposure appears limited to affected Linux kernel versions where the bnxt_en driver is present and handling network RX traffic. The bundle lists Linux 5.1 through 5.13-era affected ranges and multiple stable fix commits, but no distribution-specific package mapping.

Exploitation context

The sources do not show KEV listing, public exploitation, or attacker-controlled exploitation. The provided description ties the crash to out-of-order RX buffer completion and a driver error-path bug. Treat it as an availability issue unless vendor advisories provide stronger evidence.

Researcher notes

Evidence is narrow but coherent: the bug is a wrong consumer index in the bnxt_en RX error path, with a sample crash trace at bnxt_rx_pkt+237. The bundle lacks CVSS, CWE, distro advisories, and exploitability analysis, so exposure validation depends on local kernel and driver inventory.

Mitigation direction

  • Apply a vendor kernel update containing the referenced stable fixes.
  • Prioritize critical Linux hosts using the bnxt_en driver.
  • Check distribution advisories for exact fixed package versions.
  • Plan reboot or live-patch steps according to vendor guidance.
  • Monitor affected systems for kernel panics until remediated.

Validation and detection

  • Inventory Linux kernel versions against the affected ranges in the CVE record.
  • Confirm whether the bnxt_en driver is loaded or built into deployed kernels.
  • Verify vendor kernels include one of the referenced stable commits or backports.
  • Review kernel logs for bnxt_rx_pkt faults, RX ring resets, or related panics.
  • Regression test network receive traffic after patching.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47015 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
6Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxa1b0e4e684e9c300b9e759b46cb7a0147e61ddff, a1b0e4e684e9c300b9e759b46cb7a0147e61ddff, a1b0e4e684e9c300b9e759b46cb7a0147e61ddff, a1b0e4e684e9c300b9e759b46cb7a0147e61ddff, a1b0e4e684e9c300b9e759b46cb7a0147e61ddff, 8e302e8e10b05165ed21273539a1e6a83ab93e9e, 46281ee85b651b0df686001651b965d17b8e2c67, d2d055a554036b0240f296743942b8111fd4ce97, aecbbae850ede49183fa0b73c7445531a47669cfunaffected
LinuxLinux5.1, 0, 5.4.119, 5.10.37, 5.11.21, 5.12.4, 5.13affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.