CVE-2021-47185: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
In the Linux kernel, the following vulnerability has been resolved:
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup,
which look like this one:
Workqueue: events_unbound flush_to_ldisc
Call trace:
dump_backtrace+0x0/0x1ec
show_stack+0x24/0x30
dump_stack+0xd0/0x128
panic+0x15c/0x374
watchdog_timer_fn+0x2b8/0x304
__run_hrtimer+0x88/0x2c0
__hrtimer_run_queues+0xa4/0x120
hrtimer_interrupt+0xfc/0x270
arch_timer_handler_phys+0x40/0x50
handle_percpu_devid_irq+0x94/0x220
__handle_domain_irq+0x88/0xf0
gic_handle_irq+0x84/0xfc
el1_irq+0xc8/0x180
slip_unesc+0x80/0x214 [slip]
tty_ldisc_receive_buf+0x64/0x80
tty_port_default_receive_buf+0x50/0x90
flush_to_ldisc+0xbc/0x110
process_one_work+0x1d4/0x4b0
worker_thread+0x180/0x430
kthread+0x11c/0x120
In the testcase pty04, The first process call the write syscall to send
data to the pty master. At the same time, the workqueue will do the
flush_to_ldisc to pop data in a loop until there is no more data left.
When the sender and workqueue running in different core, the sender sends
data fastly in full time which will result in workqueue doing work in loop
for a long time and occuring softlockup in flush_to_ldisc with kernel
configured without preempt. So I add need_resched check and cond_resched
in the flush_to_ldisc loop to avoid it.
Security readout for executives and security teams
Plain-English summary
CVE-2021-47185 is a Linux kernel availability issue in tty buffer handling. A high-privileged local user could trigger a long-running kernel workqueue path and cause a soft lockup, especially on non-preemptible kernels. The business impact is service disruption, not data theft or privilege escalation based on the provided sources.
Executive priority
Treat as a routine-to-moderate Linux kernel patching item. It can affect host availability, but the provided evidence shows local high-privilege requirements and no confirmed active exploitation.
Technical view
The issue is in flush_to_ldisc in the Linux tty_buffer path. Continuous pty input can keep the workqueue processing in a loop long enough to trigger a soft lockup. The upstream fix adds scheduler checks and conditional rescheduling inside the loop. CVSS is 4.4, local attack vector, high privileges required, high availability impact.
Likely exposure
Exposure is most relevant on Linux systems running affected kernel versions, particularly non-preemptible configurations where high-privileged local users or workloads can exercise pty/tty paths. Internet-facing exposure is not indicated by the sources.
Exploitation context
The CVE is not listed as KEV, and the supplied sources do not claim active exploitation. The described trigger came from an LTP pty test case on arm64, not from a public attack campaign.
Researcher notes
The useful validation focus is kernel lineage and configuration, not remote scanning. Confirm whether downstream kernels backported the stable commits. Evidence is limited to the CVE record, upstream stable commits, and the kernel description of a softlockup reproduction.
Mitigation direction
Apply vendor kernel updates that include the referenced upstream stable fixes.
Map distribution kernel packages to the CVE before assuming upstream version equivalence.
Prioritize multi-user systems where local administrators or privileged services can access pty paths.
If patching is delayed, restrict unnecessary privileged local access.
Validation and detection
Check running kernel versions against vendor advisories for CVE-2021-47185.
Confirm kernel changelogs include the tty_buffer flush_to_ldisc rescheduling fix.
Review whether production kernels are built without preemption.
Monitor for kernel soft lockup events involving flush_to_ldisc or tty_ldisc paths.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47185 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.