LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47163: tipc: wait and exit until all work queues are done

In the Linux kernel, the following vulnerability has been resolved: tipc: wait and exit until all work queues are done On some host, a crash could be triggered simply by repeating these commands several times: # modprobe tipc # tipc bearer enable media udp name UDP1 localip 127.0.0.1 # rmmod tipc [] BUG: unable to handle kernel paging request at ffffffffc096bb00 [] Workqueue: events 0xffffffffc096bb00 [] Call Trace: [] ? process_one_work+0x1a7/0x360 [] ? worker_thread+0x30/0x390 [] ? create_worker+0x1a0/0x1a0 [] ? kthread+0x116/0x130 [] ? kthread_flush_work_fn+0x10/0x10 [] ? ret_from_fork+0x35/0x40 When removing the TIPC module, the UDP tunnel sock will be delayed to release in a work queue as sock_release() can't be done in rtnl_lock(). If the work queue is schedule to run after the TIPC module is removed, kernel will crash as the work queue function cleanup_beareri() code no longer exists when trying to invoke it. To fix it, this patch introduce a member wq_count in tipc_net to track the numbers of work queues in schedule, and wait and exit until all work queues are done in tipc_exit_net().

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2021-47163 is a Linux kernel TIPC cleanup bug. If delayed cleanup work runs after the TIPC module is removed, the kernel can crash. The source describes an availability failure during repeated module lifecycle operations, not proven remote compromise or data theft.

Executive priority

Prioritize patching on Linux systems where TIPC is used or where kernel crashes would materially affect uptime. Lower urgency is reasonable for systems without TIPC exposure, but confirm with asset and kernel-package inventory.

Technical view

The TIPC UDP bearer cleanup path can schedule work that outlives module removal. When that delayed work later invokes cleanup code from an unloaded module, the kernel may fault. The fix tracks scheduled workqueue count in tipc_net and waits in tipc_exit_net until queued work completes.

Likely exposure

Exposure is most relevant on Linux systems with the TIPC module available and operational processes or privileged users able to load, configure, and unload it. The provided source lists Linux 4.1 and several later stable branches as affected, with kernel stable commits referenced as fixes.

Exploitation context

The bundle does not show KEV listing or public active exploitation. The described trigger requires repeated TIPC module lifecycle activity and appears local or privileged in nature. Treat it primarily as a denial-of-service risk unless vendor guidance identifies broader exposure.

Researcher notes

Evidence supports a TIPC module teardown race causing kernel crash through stale delayed work. No CVSS, CWE, exploit-in-the-wild evidence, or distribution-specific fixed packages are included in the bundle, so exposure assessment should be validated against vendor kernel advisories.

Mitigation direction

  • Update to a Linux kernel containing one of the referenced stable fixes.
  • Check distribution vendor advisories for exact fixed package versions.
  • Disable or avoid loading TIPC where it is not required.
  • Restrict privileged module management to trusted administrators only.

Validation and detection

  • Confirm whether TIPC is present, loadable, or enabled on target systems.
  • Map running kernel versions against vendor fixed versions or referenced stable commits.
  • Review operational automation for repeated TIPC load, bearer setup, or unload activity.
  • Verify patched kernels include the workqueue wait behavior in TIPC teardown.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47163 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
5Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxd0f91938bede204a343473792529e0db7d599836, d0f91938bede204a343473792529e0db7d599836, d0f91938bede204a343473792529e0db7d599836, d0f91938bede204a343473792529e0db7d599836unaffected
LinuxLinux4.1, 0, 5.4.124, 5.10.42, 5.12.9, 5.13affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.