Security readout for executives and security teams
Plain-English summary
This is a Linux kernel memory safety bug in the scsi_debug driver, a SCSI testing/debug component. A malformed mode select interaction could trigger a use-after-free. Business urgency is mainly for systems that load scsi_debug or expose SCSI generic device access, not typical remote-facing services.
Executive priority
Handle in normal kernel patch cycles, faster for labs, CI, virtualization hosts, or storage test systems where scsi_debug is used. No source evidence supports emergency internet-wide response.
Technical view
The flaw is in drivers/scsi/scsi_debug.c resp_mode_select(), where block descriptor length lacked sanity checking. The source includes a KASAN use-after-free trace reached through sg ioctl handling and SCSI request processing. Kernel stable commits add the bounds check across affected branches.
Likely exposure
Likely exposure is limited to Linux systems running affected kernels with scsi_debug available and usable. This driver is commonly used for testing rather than normal production storage. The trace indicates local SCSI generic ioctl interaction, not remote network exposure.
Exploitation context
The bundle does not show public exploitation, exploit code, or CISA KEV listing. It provides a kernel sanitizer crash trace and stable fix references. Treat this as a local kernel memory safety issue with constrained prerequisites unless vendor advisories say otherwise.
Researcher notes
The affected path is scsi_debug mode select handling. The provided trace reaches resp_mode_select() via sg ioctl and scsi_debug_queuecommand(). Impact beyond use-after-free is not characterized in the bundle; avoid assuming privilege escalation without additional evidence.
Mitigation direction
Update to a vendor kernel containing the referenced stable fixes.
Check vendor advisories for exact fixed package versions.
Disable or avoid loading scsi_debug where it is not required.
Restrict access to SCSI generic devices to trusted users.
Prioritize systems used for kernel, storage, or virtualization testing.
Validation and detection
Inventory Linux kernel versions against the affected and fixed branches.
Confirm whether the scsi_debug module is present or loaded.
Review device permissions for SCSI generic interfaces.
Verify the deployed kernel includes one referenced fix commit.
Check vendor security notes for distribution-specific backports.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47576 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.