CVE-2021-47167: NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
Ensure that nfs_pageio_error_cleanup() resets the mirror array contents,
so that the structure reflects the fact that it is now empty.
Also change the test in nfs_pageio_do_add_request() to be more robust by
checking whether or not the list is empty rather than relying on the
value of pg_count.
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel NFS bug that can leave internal request tracking in an inconsistent state after error cleanup. The public record describes it as “Oopsable,” meaning it may trigger a kernel fault. Business risk depends on whether affected Linux systems use NFS and whether a fault could disrupt important workloads.
Executive priority
Prioritize based on NFS dependency and uptime sensitivity. There is no supplied evidence of active exploitation, but kernel faults can still cause service disruption. Critical NFS-backed production systems should receive normal kernel maintenance priority after vendor confirmation.
Technical view
The fix resets NFS pageio mirror array contents during nfs_pageio_error_cleanup() and changes request-add validation to check list emptiness instead of pg_count. The source bundle does not provide CVSS, CWE, exploit preconditions, or a detailed attack path, so impact should be treated as kernel reliability risk pending vendor mapping.
Likely exposure
Exposure is most likely on Linux systems running affected kernel versions with NFS client functionality in use. The bundle lists affected Linux kernel version references including 4.0, 5.4.124, 5.10.42, 5.12.9, and 5.13, but downstream distribution status must be verified.
Exploitation context
No active exploitation is identified in the supplied sources, and the CVE is not marked KEV. The sources do not show public exploit availability or remote weaponization details. Treat this as a patch and exposure validation issue rather than an incident indicator.
Researcher notes
The useful technical signal is in the kernel patch behavior: cleanup must empty mirror state, and request addition should trust list state over pg_count. The record lacks exploitability analysis, CVSS, and distribution-specific fixed versions, so validation should focus on code lineage and vendor backports.
Mitigation direction
Check Linux distribution advisories for CVE-2021-47167 fixed kernel packages.
Prioritize updates on systems using NFS for critical workloads.
Deploy kernels containing the referenced stable fixes or vendor backports.
If patching is delayed, reduce reliance on NFS where operationally feasible.
Monitor affected hosts for kernel oops or NFS-related stability events.
Validation and detection
Inventory Linux kernel versions across servers and appliances.
Identify systems mounting or serving NFS-dependent workloads.
Map installed kernels to vendor advisories for CVE-2021-47167.
Confirm whether vendor kernels include the referenced stable commits.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47167 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.