CVE-2021-47186: tipc: check for null after calling kmemdup
In the Linux kernel, the following vulnerability has been resolved:
tipc: check for null after calling kmemdup
kmemdup can return a null pointer so need to check for it, otherwise
the null key will be dereferenced later in tipc_crypto_key_xmit as
can be seen in the trace [1].
[1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58
Security readout for executives and security teams
Plain-English summary
CVE-2021-47186 is a Linux kernel TIPC bug where memory allocation failure was not checked before later use. In practical terms, a vulnerable kernel could hit a null-pointer dereference in this subsystem, likely causing a kernel fault or denial of service. The source bundle provides no CVSS score and no evidence of active exploitation.
Executive priority
Handle through normal kernel vulnerability management unless TIPC is enabled on critical systems. There is no supplied evidence of active exploitation or severity scoring, but kernel faults can affect availability and should not be ignored.
Technical view
The Linux kernel TIPC crypto path called kmemdup and later dereferenced the resulting key in tipc_crypto_key_xmit without validating allocation success. The kernel stable fixes add the missing null check. Evidence points to a syzkaller-discovered crash trace, not a disclosed exploit chain.
Likely exposure
Exposure is limited to systems running affected Linux kernel versions with the vulnerable TIPC code present. The bundle lists Linux kernel version data around 5.10, 5.10.82, 5.15.5, and 5.16, but distro backports may change actual status.
Exploitation context
The CVE is not listed as KEV in the supplied data. The sources do not describe exploitation in the wild, exploit prerequisites, authentication requirements, or remote reachability. Treat exploitation context as incomplete until vendor or distribution advisories clarify affected configurations.
Researcher notes
The key evidence is an upstream Linux kernel fix for an unchecked kmemdup result before tipc_crypto_key_xmit. The public description is sparse: no CVSS, CWE, attack vector, or exploitability analysis is provided. Validate against exact downstream kernel patches.
Mitigation direction
Check your Linux distribution advisory for CVE-2021-47186 status.
Update kernels to versions containing the referenced stable fixes.
Prioritize systems where TIPC is enabled or kernel availability is critical.
Track vendor backports instead of relying only on upstream version numbers.
Validation and detection
Inventory Linux kernel versions across servers, appliances, and containers hosts.
Check whether TIPC support is built, loaded, or enabled.
Compare installed kernel packages against distro CVE advisories.
Confirm patch presence using vendor package changelogs or upstream stable commits.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47186 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.