CVE-2021-47177: iommu/vt-d: Fix sysfs leak in alloc_iommu()
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix sysfs leak in alloc_iommu()
iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent
errors.
Security readout for executives and security teams
Plain-English summary
CVE-2021-47177 is a Linux kernel issue in Intel VT-d IOMMU handling. During failed initialization, a sysfs entry could be left behind instead of being cleaned up. The public record does not provide a CVSS score, impact rating, or evidence of exploitation.
Executive priority
Treat this as a kernel maintenance item unless internal exposure analysis shows broad affected deployments. The absence of severity scoring and exploitation evidence lowers urgency, but kernel fixes should still flow through normal patch cycles.
Technical view
The fix addresses alloc_iommu() error handling in Linux iommu/vt-d code. iommu_device_sysfs_add() occurs before later failure paths, so those paths must remove the sysfs registration. The source identifies Linux kernel versions including 4.11, 4.14.235, 4.19.193, 5.4.124, 5.10.42, 5.12.9, and 5.13 as affected.
Likely exposure
Exposure is most relevant to Linux systems running affected kernel versions with the Intel VT-d/IOMMU path present. The source bundle does not confirm affected distributions, configurations, or cloud provider images.
Exploitation context
No active exploitation is reported in the provided sources, and the CVE is not listed as KEV. The record describes a cleanup bug, not a public exploit path or attacker workflow.
Researcher notes
Evidence is limited to the CVE record and Linux stable commit references. There is no CVSS vector, CWE, exploit status, or detailed impact statement in the provided bundle. Avoid expanding impact beyond the sysfs cleanup failure described.
Mitigation direction
Update to a vendor-supported Linux kernel containing the referenced stable fixes.
Check distribution advisories for backported fixes matching your deployed kernel builds.
Prioritize virtualization hosts or systems relying on Intel VT-d/IOMMU features.
Keep kernel update and reboot tracking tied to asset inventory.
Validation and detection
Inventory Linux kernel versions across servers, endpoints, and appliances.
Confirm whether deployed kernels include the referenced upstream stable commits.
Check distribution package changelogs for CVE-2021-47177 backports.
Identify systems using Intel VT-d/IOMMU or virtualization-related kernel features.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47177 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.