LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47167: NFS: Fix an Oopsable condition in __nfs_pageio_add_request()

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in __nfs_pageio_add_request() Ensure that nfs_pageio_error_cleanup() resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change the test in nfs_pageio_do_add_request() to be more robust by checking whether or not the list is empty rather than relying on the value of pg_count.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel NFS bug that can leave internal request tracking in an inconsistent state after error cleanup. The public record describes it as “Oopsable,” meaning it may trigger a kernel fault. Business risk depends on whether affected Linux systems use NFS and whether a fault could disrupt important workloads.

Executive priority

Prioritize based on NFS dependency and uptime sensitivity. There is no supplied evidence of active exploitation, but kernel faults can still cause service disruption. Critical NFS-backed production systems should receive normal kernel maintenance priority after vendor confirmation.

Technical view

The fix resets NFS pageio mirror array contents during nfs_pageio_error_cleanup() and changes request-add validation to check list emptiness instead of pg_count. The source bundle does not provide CVSS, CWE, exploit preconditions, or a detailed attack path, so impact should be treated as kernel reliability risk pending vendor mapping.

Likely exposure

Exposure is most likely on Linux systems running affected kernel versions with NFS client functionality in use. The bundle lists affected Linux kernel version references including 4.0, 5.4.124, 5.10.42, 5.12.9, and 5.13, but downstream distribution status must be verified.

Exploitation context

No active exploitation is identified in the supplied sources, and the CVE is not marked KEV. The sources do not show public exploit availability or remote weaponization details. Treat this as a patch and exposure validation issue rather than an incident indicator.

Researcher notes

The useful technical signal is in the kernel patch behavior: cleanup must empty mirror state, and request addition should trust list state over pg_count. The record lacks exploitability analysis, CVSS, and distribution-specific fixed versions, so validation should focus on code lineage and vendor backports.

Mitigation direction

  • Check Linux distribution advisories for CVE-2021-47167 fixed kernel packages.
  • Prioritize updates on systems using NFS for critical workloads.
  • Deploy kernels containing the referenced stable fixes or vendor backports.
  • If patching is delayed, reduce reliance on NFS where operationally feasible.
  • Monitor affected hosts for kernel oops or NFS-related stability events.

Validation and detection

  • Inventory Linux kernel versions across servers and appliances.
  • Identify systems mounting or serving NFS-dependent workloads.
  • Map installed kernels to vendor advisories for CVE-2021-47167.
  • Confirm whether vendor kernels include the referenced stable commits.
  • Review logs for recent kernel oops messages involving NFS page I/O.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47167 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
5Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxa7d42ddb3099727f58366fa006f850a219cce6c8, a7d42ddb3099727f58366fa006f850a219cce6c8, a7d42ddb3099727f58366fa006f850a219cce6c8, a7d42ddb3099727f58366fa006f850a219cce6c8unaffected
LinuxLinux4.0, 0, 5.4.124, 5.10.42, 5.12.9, 5.13affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.