CVE-2021-47565: scsi: mpt3sas: Fix kernel panic during drive powercycle test
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix kernel panic during drive powercycle test
While looping over shost's sdev list it is possible that one
of the drives is getting removed and its sas_target object is
freed but its sdev object remains intact.
Consequently, a kernel panic can occur while the driver is trying to access
the sas_address field of sas_target object without also checking the
sas_target object for NULL.
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue can crash a system when the mpt3sas storage driver handles a drive removal or power-cycle race incorrectly. The likely business impact is availability loss on affected hosts, not data theft based on the provided sources.
Executive priority
Treat as a targeted infrastructure stability issue. Prioritize storage-heavy or critical Linux servers first, especially where unexpected reboot or panic would disrupt operations.
Technical view
The mpt3sas SCSI driver can dereference sas_target after it has been freed while the sdev object remains. Missing NULL validation before reading sas_target->sas_address can cause a kernel panic during drive powercycle or removal conditions.
Likely exposure
Exposure is most likely on Linux systems using the mpt3sas SCSI driver with affected kernel versions or unpatched distro backports. Systems without this driver or relevant storage hardware are less likely to be affected.
Exploitation context
The source bundle does not show active exploitation, and KEV is false. The described trigger is a drive powercycle/removal race, suggesting availability impact under specific storage conditions rather than a proven remote attack path.
Researcher notes
Evidence supports a NULL pointer dereference style kernel panic in mpt3sas during sdev iteration and sas_target lifetime changes. No CVSS, CWE, exploit proof, or detailed vendor-specific package status is included in the bundle.
Mitigation direction
Update to a kernel or vendor distro package containing the referenced stable fixes.
Check your Linux distribution advisory for backported fixes for CVE-2021-47565.
Prioritize hosts using mpt3sas-backed storage or experiencing drive removal events.
Plan maintenance because kernel updates usually require rebooting affected hosts.
Validation and detection
Inventory Linux hosts and identify kernels within the affected version ranges.
Confirm whether the mpt3sas driver is loaded or required on each host.
Check distro changelogs for CVE-2021-47565 or the upstream stable commit references.
Review kernel panic logs for mpt3sas activity during drive powercycle or removal events.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47565 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.