LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47587: net: systemport: Add global locking for descriptor lifecycle

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue between the transmit and reclaiming. This creates an opportunity for the SYSTEMPORT hardware to work on corrupted descriptors if we have multiple producers at once which is the case when using multiple transmit queues. This was particularly noticeable when using multiple flows/transmit queues and it showed up in interesting ways in that UDP packets would get a correct UDP header checksum being calculated over an incorrect packet length. Similarly TCP packets would get an equally correct checksum computed by the hardware over an incorrect packet length. The SYSTEMPORT hardware maintains an internal descriptor list that it re-arranges when the driver produces a new descriptor anytime it writes to the WRITE_PORT_{HI,LO} registers, there is however some delay in the hardware to re-organize its descriptors and it is possible that concurrent TX queues eventually break this internal allocation scheme to the point where the length/status part of the descriptor gets used for an incorrect data buffer. The fix is to impose a global serialization for all TX queues in the short section where we are writing to the WRITE_PORT_{HI,LO} registers which solves the corruption even with multiple concurrent TX queues being used.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This Linux kernel flaw affects the SYSTEMPORT network driver. Under concurrent transmit queue activity, hardware descriptors can become corrupted, causing packets to be built with mismatched lengths and checksums. The public record does not provide CVSS, confirmed exploitation, or business impact beyond packet corruption risk.

Executive priority

Handle through normal kernel patch management, with higher priority for appliances or embedded Linux systems using SYSTEMPORT networking. There is no cited active exploitation, but packet corruption in network paths can affect reliability and service integrity.

Technical view

The SYSTEMPORT descriptor list is shared across TX queues, but prior locking only protected per-queue transmit and reclaim paths. Concurrent producers could write WRITE_PORT_HI/LO while hardware reorganized descriptors, causing length/status fields to pair with the wrong data buffer. The resolved fix globally serializes that descriptor write section.

Likely exposure

Exposure is likely limited to Linux systems using the SYSTEMPORT network driver and affected kernel versions, especially configurations using multiple transmit queues or multiple flows. Systems without this driver or hardware are not indicated as exposed by the provided sources.

Exploitation context

The source bundle does not report active exploitation, public exploit code, or KEV listing. The described trigger is concurrent network transmission behavior, not a documented remote exploit chain. Treat exploitability and attacker control as unconfirmed from these sources.

Researcher notes

Key evidence is the kernel resolution text and stable commit references. Missing data includes CVSS, CWE, exploitability analysis, and distribution-specific affected package versions. Avoid expanding scope beyond Linux SYSTEMPORT driver exposure unless vendor advisories confirm it.

Mitigation direction

  • Apply Linux stable or vendor kernel updates containing the SYSTEMPORT locking fix.
  • Prioritize systems with SYSTEMPORT hardware and multi-queue transmit configurations.
  • Check distribution advisories for backported fixes matching your deployed kernel line.
  • If patching is delayed, ask the vendor for supported operational mitigations.

Validation and detection

  • Inventory Linux kernels and identify hosts using the SYSTEMPORT network driver.
  • Compare deployed kernel builds against vendor advisories or referenced stable commits.
  • Review network error telemetry for packet corruption symptoms on affected hardware.
  • Confirm patched code includes global serialization around WRITE_PORT_HI/LO descriptor writes.
Prepared
Confidence
medium
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47587 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
9Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux80105befdb4b8cea924711b40b2462b87df65b62, 80105befdb4b8cea924711b40b2462b87df65b62, 80105befdb4b8cea924711b40b2462b87df65b62, 80105befdb4b8cea924711b40b2462b87df65b62, 80105befdb4b8cea924711b40b2462b87df65b62, 80105befdb4b8cea924711b40b2462b87df65b62, 80105befdb4b8cea924711b40b2462b87df65b62, 80105befdb4b8cea924711b40b2462b87df65b62unaffected
LinuxLinux3.16, 0, 4.4.296, 4.9.294, 4.14.259, 4.19.222, 5.4.168, 5.10.88, 5.15.11, 5.16affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.