CVE-2021-47587: net: systemport: Add global locking for descriptor lifecycle
In the Linux kernel, the following vulnerability has been resolved:
net: systemport: Add global locking for descriptor lifecycle
The descriptor list is a shared resource across all of the transmit queues, and
the locking mechanism used today only protects concurrency across a given
transmit queue between the transmit and reclaiming. This creates an opportunity
for the SYSTEMPORT hardware to work on corrupted descriptors if we have
multiple producers at once which is the case when using multiple transmit
queues.
This was particularly noticeable when using multiple flows/transmit queues and
it showed up in interesting ways in that UDP packets would get a correct UDP
header checksum being calculated over an incorrect packet length. Similarly TCP
packets would get an equally correct checksum computed by the hardware over an
incorrect packet length.
The SYSTEMPORT hardware maintains an internal descriptor list that it re-arranges
when the driver produces a new descriptor anytime it writes to the
WRITE_PORT_{HI,LO} registers, there is however some delay in the hardware to
re-organize its descriptors and it is possible that concurrent TX queues
eventually break this internal allocation scheme to the point where the
length/status part of the descriptor gets used for an incorrect data buffer.
The fix is to impose a global serialization for all TX queues in the short
section where we are writing to the WRITE_PORT_{HI,LO} registers which solves
the corruption even with multiple concurrent TX queues being used.
Security readout for executives and security teams
Plain-English summary
This Linux kernel flaw affects the SYSTEMPORT network driver. Under concurrent transmit queue activity, hardware descriptors can become corrupted, causing packets to be built with mismatched lengths and checksums. The public record does not provide CVSS, confirmed exploitation, or business impact beyond packet corruption risk.
Executive priority
Handle through normal kernel patch management, with higher priority for appliances or embedded Linux systems using SYSTEMPORT networking. There is no cited active exploitation, but packet corruption in network paths can affect reliability and service integrity.
Technical view
The SYSTEMPORT descriptor list is shared across TX queues, but prior locking only protected per-queue transmit and reclaim paths. Concurrent producers could write WRITE_PORT_HI/LO while hardware reorganized descriptors, causing length/status fields to pair with the wrong data buffer. The resolved fix globally serializes that descriptor write section.
Likely exposure
Exposure is likely limited to Linux systems using the SYSTEMPORT network driver and affected kernel versions, especially configurations using multiple transmit queues or multiple flows. Systems without this driver or hardware are not indicated as exposed by the provided sources.
Exploitation context
The source bundle does not report active exploitation, public exploit code, or KEV listing. The described trigger is concurrent network transmission behavior, not a documented remote exploit chain. Treat exploitability and attacker control as unconfirmed from these sources.
Researcher notes
Key evidence is the kernel resolution text and stable commit references. Missing data includes CVSS, CWE, exploitability analysis, and distribution-specific affected package versions. Avoid expanding scope beyond Linux SYSTEMPORT driver exposure unless vendor advisories confirm it.
Mitigation direction
Apply Linux stable or vendor kernel updates containing the SYSTEMPORT locking fix.
Prioritize systems with SYSTEMPORT hardware and multi-queue transmit configurations.
Check distribution advisories for backported fixes matching your deployed kernel line.
If patching is delayed, ask the vendor for supported operational mitigations.
Validation and detection
Inventory Linux kernels and identify hosts using the SYSTEMPORT network driver.
Compare deployed kernel builds against vendor advisories or referenced stable commits.
Review network error telemetry for packet corruption symptoms on affected hardware.
Confirm patched code includes global serialization around WRITE_PORT_HI/LO descriptor writes.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47587 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.