In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Improve SCSI abort handling
The following has been observed on a test setup:
WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c
Call trace:
ufshcd_queuecommand+0x468/0x65c
scsi_send_eh_cmnd+0x224/0x6a0
scsi_eh_test_devices+0x248/0x418
scsi_eh_ready_devs+0xc34/0xe58
scsi_error_handler+0x204/0x80c
kthread+0x150/0x1b4
ret_from_fork+0x10/0x30
That warning is triggered by the following statement:
WARN_ON(lrbp->cmd);
Fix this warning by clearing lrbp->cmd from the abort handler.
Security readout for executives and security teams
Plain-English summary
This CVE is a Linux kernel storage-driver issue in UFS/SCSI abort handling. The public record shows a kernel warning caused by command state not being cleared during abort handling. Business impact is unclear from available sources, but affected Linux systems should receive vendor-supported kernel updates containing the stable fixes.
Executive priority
Treat this as a normal kernel maintenance item unless vendor advisories assign higher severity for your platform. There is no source-supported evidence of active exploitation or broad remote attackability.
Technical view
The fix clears lrbp->cmd in the UFS abort handler to prevent ufshcd_queuecommand from hitting WARN_ON(lrbp->cmd) during SCSI error handling. Sources list Linux kernel affected versions and stable kernel commits, but provide no CVSS, CWE, exploit details, or confirmed security impact category.
Likely exposure
Exposure appears limited to Linux systems using the kernel UFS storage driver and affected kernel versions. Confirm exposure through kernel version, vendor backport status, and hardware/storage controller usage.
Exploitation context
No active exploitation is supported by the provided sources. The CVE is not listed as KEV, and the bundle contains no public exploit claim or attack scenario.
Researcher notes
The record describes a correctness fix in the SCSI UFS error path. Impact evidence is sparse: no CVSS, CWE, exploitability statement, or user-triggered attack path is provided. Analysis should focus on affected-kernel mapping and vendor backport confirmation.
Mitigation direction
Check your Linux distribution or appliance vendor advisory for this CVE.
Update to a supported kernel build that includes the cited stable fixes.
Prioritize systems using UFS storage hardware or affected embedded/mobile Linux kernels.
Track vendor backports instead of relying only on upstream version strings.
Validation and detection
Inventory Linux kernel versions across servers, appliances, and embedded systems.
Identify systems using the UFS kernel driver or UFS storage hardware.
Confirm whether vendor kernels include the referenced stable commits or equivalent backports.
Review kernel logs for related ufshcd_queuecommand or SCSI error-handler warnings.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47188 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.