LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47185: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc

In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound flush_to_ldisc Call trace: dump_backtrace+0x0/0x1ec show_stack+0x24/0x30 dump_stack+0xd0/0x128 panic+0x15c/0x374 watchdog_timer_fn+0x2b8/0x304 __run_hrtimer+0x88/0x2c0 __hrtimer_run_queues+0xa4/0x120 hrtimer_interrupt+0xfc/0x270 arch_timer_handler_phys+0x40/0x50 handle_percpu_devid_irq+0x94/0x220 __handle_domain_irq+0x88/0xf0 gic_handle_irq+0x84/0xfc el1_irq+0xc8/0x180 slip_unesc+0x80/0x214 [slip] tty_ldisc_receive_buf+0x64/0x80 tty_port_default_receive_buf+0x50/0x90 flush_to_ldisc+0xbc/0x110 process_one_work+0x1d4/0x4b0 worker_thread+0x180/0x430 kthread+0x11c/0x120 In the testcase pty04, The first process call the write syscall to send data to the pty master. At the same time, the workqueue will do the flush_to_ldisc to pop data in a loop until there is no more data left. When the sender and workqueue running in different core, the sender sends data fastly in full time which will result in workqueue doing work in loop for a long time and occuring softlockup in flush_to_ldisc with kernel configured without preempt. So I add need_resched check and cond_resched in the flush_to_ldisc loop to avoid it.

MediumCVSS 4.4Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2021-47185 is a Linux kernel availability issue in tty buffer handling. A high-privileged local user could trigger a long-running kernel workqueue path and cause a soft lockup, especially on non-preemptible kernels. The business impact is service disruption, not data theft or privilege escalation based on the provided sources.

Executive priority

Treat as a routine-to-moderate Linux kernel patching item. It can affect host availability, but the provided evidence shows local high-privilege requirements and no confirmed active exploitation.

Technical view

The issue is in flush_to_ldisc in the Linux tty_buffer path. Continuous pty input can keep the workqueue processing in a loop long enough to trigger a soft lockup. The upstream fix adds scheduler checks and conditional rescheduling inside the loop. CVSS is 4.4, local attack vector, high privileges required, high availability impact.

Likely exposure

Exposure is most relevant on Linux systems running affected kernel versions, particularly non-preemptible configurations where high-privileged local users or workloads can exercise pty/tty paths. Internet-facing exposure is not indicated by the sources.

Exploitation context

The CVE is not listed as KEV, and the supplied sources do not claim active exploitation. The described trigger came from an LTP pty test case on arm64, not from a public attack campaign.

Researcher notes

The useful validation focus is kernel lineage and configuration, not remote scanning. Confirm whether downstream kernels backported the stable commits. Evidence is limited to the CVE record, upstream stable commits, and the kernel description of a softlockup reproduction.

Mitigation direction

  • Apply vendor kernel updates that include the referenced upstream stable fixes.
  • Map distribution kernel packages to the CVE before assuming upstream version equivalence.
  • Prioritize multi-user systems where local administrators or privileged services can access pty paths.
  • If patching is delayed, restrict unnecessary privileged local access.

Validation and detection

  • Check running kernel versions against vendor advisories for CVE-2021-47185.
  • Confirm kernel changelogs include the tty_buffer flush_to_ldisc rescheduling fix.
  • Review whether production kernels are built without preemption.
  • Monitor for kernel soft lockup events involving flush_to_ldisc or tty_ldisc paths.
Prepared
Confidence
high
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47185 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
4.4 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
3Timeline events
2ADP providers
9Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
4.4CVSS 3.1MediumCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H0.83.6CISA-ADP

Vulnerability scoring details

Base CVSS 3.1 score

4.4Medium
CVSS 3.1 vector shape for CVE-2021-47185Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
cvssV3_1other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux81de916f19cf5f1437c0b9ed817364f0f7c81961, 81de916f19cf5f1437c0b9ed817364f0f7c81961, 81de916f19cf5f1437c0b9ed817364f0f7c81961, 81de916f19cf5f1437c0b9ed817364f0f7c81961, 81de916f19cf5f1437c0b9ed817364f0f7c81961, 81de916f19cf5f1437c0b9ed817364f0f7c81961, 81de916f19cf5f1437c0b9ed817364f0f7c81961, 81de916f19cf5f1437c0b9ed817364f0f7c81961unaffected
LinuxLinux3.0, 0, 4.4.293, 4.9.291, 4.14.256, 4.19.218, 5.4.162, 5.10.82, 5.15.5, 5.16affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.