Security readout for executives and security teams
Plain-English summary
This Linux kernel flaw can crash the kernel when IPv6 nexthop configuration is attempted on a kernel built without IPv6 support. The public record shows a NULL pointer dereference in the error path. The business impact is mainly availability risk for affected Linux systems, with no source evidence of active exploitation.
Executive priority
Treat as a targeted availability issue, not an emergency remote-compromise event based on current evidence. Patch through normal kernel maintenance, with higher priority for systems where kernel crashes would disrupt critical services.
Technical view
In nh_create_ipv6(), kernels with CONFIG_IPV6 disabled can call ipv6_stub->fib6_nh_release after fib6_nh_init returns the dummy -EAFNOSUPPORT error. That release path should not run and can dereference a NULL function pointer, producing a kernel oops. The fix returns the unsupported-address-family error directly.
Likely exposure
Exposure appears limited to Linux kernels in the listed affected ranges that are built without IPv6 support and receive IPv6 nexthop configuration requests. The source bundle does not identify distributions, appliances, cloud images, remote reachability, or required privileges.
Exploitation context
The source bundle includes a crash trace triggered by an IPv6 nexthop add attempt. KEV is false, and no provided source claims active exploitation. No exploitability beyond kernel NULL pointer dereference and potential denial of service is established.
Researcher notes
Key uncertainty is operational reachability: the CVE text shows the failing path but does not document prerequisites, exploit maturity, or distribution-specific status. Analysis should focus on kernel configuration, affected version lineage, and whether stable commit fixes are present or backported.
Mitigation direction
Upgrade to a kernel containing the referenced stable fixes.
Check your Linux distributor or vendor advisory for backported fixes.
Identify systems built with CONFIG_IPV6 disabled.
Restrict nexthop configuration access to authorized administrators.
Prioritize internet-facing infrastructure only if vendor guidance indicates exposure.
Validation and detection
Inventory Linux kernel versions across production and appliances.
Confirm whether affected systems are built without CONFIG_IPV6.
Map installed kernels against vendor-fixed builds or stable commits.
Review logs for kernel oops traces involving nh_create_ipv6.
Test remediation in staging before production rollout.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47572 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.