CVE-2021-47203 (GCVE-0-2021-47203)

Vulnerability from cvelistv5 – Published: 2024-04-10 18:56 – Updated: 2026-05-11 13:49
VLAI
Title
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
Summary
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local "fail_msg" string is set and a log message output. The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since "fail_msg" remains set, jobs are added to the completions list regardless of whether a wqe was passed to the adapter. If successfully added to txcmplq, jobs are added to both lists resulting in list corruption. Fix by clearing the fail_msg string after adding a job to the completions list. This stops the subsequent jobs from being added to the completions list unless they had an appropriate failure.
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 2a9bf3d011303d8da64cd5e0e7fdd95f0c143984 , < ad4776b5eb2e58af1226847fcd3b4f6d051674dd (git)
Affected: 2a9bf3d011303d8da64cd5e0e7fdd95f0c143984 , < ec70d80a8642900086447ba0cdc79e3f44d42e8f (git)
Affected: 2a9bf3d011303d8da64cd5e0e7fdd95f0c143984 , < f05a0191b90156e539cccc189b9d87ca2a4d9305 (git)
Affected: 2a9bf3d011303d8da64cd5e0e7fdd95f0c143984 , < b291d147d0268e93ad866f8bc820ea14497abc9b (git)
Affected: 2a9bf3d011303d8da64cd5e0e7fdd95f0c143984 , < 16bcbfb56d759c25665f786e33ec633b9508a08f (git)
Affected: 2a9bf3d011303d8da64cd5e0e7fdd95f0c143984 , < c097bd5a59162156d9c2077a2f58732ffbaa9fca (git)
Affected: 2a9bf3d011303d8da64cd5e0e7fdd95f0c143984 , < 814d3610c4ce86e8cf285b2cdac0057a42e82de5 (git)
Affected: 2a9bf3d011303d8da64cd5e0e7fdd95f0c143984 , < 99154581b05c8fb22607afb7c3d66c1bace6aa5d (git)
Create a notification for this product.
Linux Linux Affected: 2.6.36
Unaffected: 0 , < 2.6.36 (semver)
Unaffected: 4.4.293 , ≤ 4.4.* (semver)
Unaffected: 4.9.291 , ≤ 4.9.* (semver)
Unaffected: 4.14.256 , ≤ 4.14.* (semver)
Unaffected: 4.19.218 , ≤ 4.19.* (semver)
Unaffected: 5.4.162 , ≤ 5.4.* (semver)
Unaffected: 5.10.82 , ≤ 5.10.* (semver)
Unaffected: 5.15.5 , ≤ 5.15.* (semver)
Unaffected: 5.16 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47203",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:44:44.009129Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:14:01.015Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:07.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/lpfc/lpfc_sli.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ad4776b5eb2e58af1226847fcd3b4f6d051674dd",
              "status": "affected",
              "version": "2a9bf3d011303d8da64cd5e0e7fdd95f0c143984",
              "versionType": "git"
            },
            {
              "lessThan": "ec70d80a8642900086447ba0cdc79e3f44d42e8f",
              "status": "affected",
              "version": "2a9bf3d011303d8da64cd5e0e7fdd95f0c143984",
              "versionType": "git"
            },
            {
              "lessThan": "f05a0191b90156e539cccc189b9d87ca2a4d9305",
              "status": "affected",
              "version": "2a9bf3d011303d8da64cd5e0e7fdd95f0c143984",
              "versionType": "git"
            },
            {
              "lessThan": "b291d147d0268e93ad866f8bc820ea14497abc9b",
              "status": "affected",
              "version": "2a9bf3d011303d8da64cd5e0e7fdd95f0c143984",
              "versionType": "git"
            },
            {
              "lessThan": "16bcbfb56d759c25665f786e33ec633b9508a08f",
              "status": "affected",
              "version": "2a9bf3d011303d8da64cd5e0e7fdd95f0c143984",
              "versionType": "git"
            },
            {
              "lessThan": "c097bd5a59162156d9c2077a2f58732ffbaa9fca",
              "status": "affected",
              "version": "2a9bf3d011303d8da64cd5e0e7fdd95f0c143984",
              "versionType": "git"
            },
            {
              "lessThan": "814d3610c4ce86e8cf285b2cdac0057a42e82de5",
              "status": "affected",
              "version": "2a9bf3d011303d8da64cd5e0e7fdd95f0c143984",
              "versionType": "git"
            },
            {
              "lessThan": "99154581b05c8fb22607afb7c3d66c1bace6aa5d",
              "status": "affected",
              "version": "2a9bf3d011303d8da64cd5e0e7fdd95f0c143984",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/lpfc/lpfc_sli.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.36"
            },
            {
              "lessThan": "2.6.36",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.293",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.256",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.218",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.82",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.293",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.291",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.256",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.218",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.162",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.82",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.5",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()\n\nWhen parsing the txq list in lpfc_drain_txq(), the driver attempts to pass\nthe requests to the adapter. If such an attempt fails, a local \"fail_msg\"\nstring is set and a log message output.  The job is then added to a\ncompletions list for cancellation.\n\nProcessing of any further jobs from the txq list continues, but since\n\"fail_msg\" remains set, jobs are added to the completions list regardless\nof whether a wqe was passed to the adapter.  If successfully added to\ntxcmplq, jobs are added to both lists resulting in list corruption.\n\nFix by clearing the fail_msg string after adding a job to the completions\nlist. This stops the subsequent jobs from being added to the completions\nlist unless they had an appropriate failure."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:49:58.424Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f"
        },
        {
          "url": "https://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305"
        },
        {
          "url": "https://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f"
        },
        {
          "url": "https://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca"
        },
        {
          "url": "https://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5"
        },
        {
          "url": "https://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d"
        }
      ],
      "title": "scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47203",
    "datePublished": "2024-04-10T18:56:37.066Z",
    "dateReserved": "2024-03-25T09:12:14.117Z",
    "dateUpdated": "2026-05-11T13:49:58.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-47203",
      "date": "2026-05-28",
      "epss": "0.00015",
      "percentile": "0.03606"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()\\n\\nWhen parsing the txq list in lpfc_drain_txq(), the driver attempts to pass\\nthe requests to the adapter. If such an attempt fails, a local \\\"fail_msg\\\"\\nstring is set and a log message output.  The job is then added to a\\ncompletions list for cancellation.\\n\\nProcessing of any further jobs from the txq list continues, but since\\n\\\"fail_msg\\\" remains set, jobs are added to the completions list regardless\\nof whether a wqe was passed to the adapter.  If successfully added to\\ntxcmplq, jobs are added to both lists resulting in list corruption.\\n\\nFix by clearing the fail_msg string after adding a job to the completions\\nlist. This stops the subsequent jobs from being added to the completions\\nlist unless they had an appropriate failure.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Se corrige la corrupci\\u00f3n de list_add() en lpfc_drain_txq() Al analizar la lista txq en lpfc_drain_txq(), el controlador intenta pasar las solicitudes al adaptador. Si dicho intento falla, se establece una cadena \\\"fail_msg\\\" local y se genera un mensaje de registro. Luego, el trabajo se agrega a una lista de finalizaciones para su cancelaci\\u00f3n. El procesamiento de cualquier otro trabajo de la lista txq contin\\u00faa, pero como \\\"fail_msg\\\" permanece establecido, los trabajos se agregan a la lista de finalizaciones independientemente de si se pas\\u00f3 un wqe al adaptador. Si se agrega correctamente a txcmplq, los trabajos se agregan a ambas listas, lo que da como resultado la corrupci\\u00f3n de la lista. Se soluciona borrando la cadena fail_msg despu\\u00e9s de agregar un trabajo a la lista de finalizaciones. Esto evita que los trabajos posteriores se agreguen a la lista de finalizaciones a menos que hayan tenido una falla apropiada.\"}]",
      "id": "CVE-2021-47203",
      "lastModified": "2024-11-21T06:35:37.340",
      "published": "2024-04-10T19:15:48.217",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47203\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-10T19:15:48.217\",\"lastModified\":\"2025-03-27T21:15:41.670\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()\\n\\nWhen parsing the txq list in lpfc_drain_txq(), the driver attempts to pass\\nthe requests to the adapter. If such an attempt fails, a local \\\"fail_msg\\\"\\nstring is set and a log message output.  The job is then added to a\\ncompletions list for cancellation.\\n\\nProcessing of any further jobs from the txq list continues, but since\\n\\\"fail_msg\\\" remains set, jobs are added to the completions list regardless\\nof whether a wqe was passed to the adapter.  If successfully added to\\ntxcmplq, jobs are added to both lists resulting in list corruption.\\n\\nFix by clearing the fail_msg string after adding a job to the completions\\nlist. This stops the subsequent jobs from being added to the completions\\nlist unless they had an appropriate failure.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Se corrige la corrupci\u00f3n de list_add() en lpfc_drain_txq() Al analizar la lista txq en lpfc_drain_txq(), el controlador intenta pasar las solicitudes al adaptador. Si dicho intento falla, se establece una cadena \\\"fail_msg\\\" local y se genera un mensaje de registro. Luego, el trabajo se agrega a una lista de finalizaciones para su cancelaci\u00f3n. El procesamiento de cualquier otro trabajo de la lista txq contin\u00faa, pero como \\\"fail_msg\\\" permanece establecido, los trabajos se agregan a la lista de finalizaciones independientemente de si se pas\u00f3 un wqe al adaptador. Si se agrega correctamente a txcmplq, los trabajos se agregan a ambas listas, lo que da como resultado la corrupci\u00f3n de la lista. Se soluciona borrando la cadena fail_msg despu\u00e9s de agregar un trabajo a la lista de finalizaciones. Esto evita que los trabajos posteriores se agreguen a la lista de finalizaciones a menos que hayan tenido una falla apropiada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.293\",\"matchCriteriaId\":\"83024F84-4857-4CAF-957E-C14804BAC4AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5\",\"versionEndExcluding\":\"4.9.291\",\"matchCriteriaId\":\"8B1EE39E-FE30-4B7D-A26F-631135BCBB3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.14.256\",\"matchCriteriaId\":\"FCEB92FF-21BF-4F75-ACA1-6AE1D51A79FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.218\",\"matchCriteriaId\":\"4F85F433-5DEA-47D3-B07E-3B1AC474D6E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.162\",\"matchCriteriaId\":\"51A152D8-D5CE-47BD-9041-DEE164DCE99D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.82\",\"matchCriteriaId\":\"AE501832-500C-4EF1-9489-5C13674F619D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.5\",\"matchCriteriaId\":\"2128A085-4C0C-4C1E-9E9C-0DD868E2170F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:32:07.414Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-47203\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-10T19:44:44.009129Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:23.100Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2a9bf3d011303d8da64cd5e0e7fdd95f0c143984\", \"lessThan\": \"ad4776b5eb2e58af1226847fcd3b4f6d051674dd\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2a9bf3d011303d8da64cd5e0e7fdd95f0c143984\", \"lessThan\": \"ec70d80a8642900086447ba0cdc79e3f44d42e8f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2a9bf3d011303d8da64cd5e0e7fdd95f0c143984\", \"lessThan\": \"f05a0191b90156e539cccc189b9d87ca2a4d9305\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2a9bf3d011303d8da64cd5e0e7fdd95f0c143984\", \"lessThan\": \"b291d147d0268e93ad866f8bc820ea14497abc9b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2a9bf3d011303d8da64cd5e0e7fdd95f0c143984\", \"lessThan\": \"16bcbfb56d759c25665f786e33ec633b9508a08f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2a9bf3d011303d8da64cd5e0e7fdd95f0c143984\", \"lessThan\": \"c097bd5a59162156d9c2077a2f58732ffbaa9fca\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2a9bf3d011303d8da64cd5e0e7fdd95f0c143984\", \"lessThan\": \"814d3610c4ce86e8cf285b2cdac0057a42e82de5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2a9bf3d011303d8da64cd5e0e7fdd95f0c143984\", \"lessThan\": \"99154581b05c8fb22607afb7c3d66c1bace6aa5d\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/scsi/lpfc/lpfc_sli.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.36\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.36\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.4.293\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.4.*\"}, {\"status\": \"unaffected\", \"version\": \"4.9.291\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.9.*\"}, {\"status\": \"unaffected\", \"version\": \"4.14.256\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.218\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.162\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.82\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.5\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"5.16\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/scsi/lpfc/lpfc_sli.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd\"}, {\"url\": \"https://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f\"}, {\"url\": \"https://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305\"}, {\"url\": \"https://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b\"}, {\"url\": \"https://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f\"}, {\"url\": \"https://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca\"}, {\"url\": \"https://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5\"}, {\"url\": \"https://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()\\n\\nWhen parsing the txq list in lpfc_drain_txq(), the driver attempts to pass\\nthe requests to the adapter. If such an attempt fails, a local \\\"fail_msg\\\"\\nstring is set and a log message output.  The job is then added to a\\ncompletions list for cancellation.\\n\\nProcessing of any further jobs from the txq list continues, but since\\n\\\"fail_msg\\\" remains set, jobs are added to the completions list regardless\\nof whether a wqe was passed to the adapter.  If successfully added to\\ntxcmplq, jobs are added to both lists resulting in list corruption.\\n\\nFix by clearing the fail_msg string after adding a job to the completions\\nlist. This stops the subsequent jobs from being added to the completions\\nlist unless they had an appropriate failure.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.4.293\", \"versionStartIncluding\": \"2.6.36\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.9.291\", \"versionStartIncluding\": \"2.6.36\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.14.256\", \"versionStartIncluding\": \"2.6.36\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.218\", \"versionStartIncluding\": \"2.6.36\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.162\", \"versionStartIncluding\": \"2.6.36\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.82\", \"versionStartIncluding\": \"2.6.36\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.5\", \"versionStartIncluding\": \"2.6.36\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.16\", \"versionStartIncluding\": \"2.6.36\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-12-18T11:36:03.996Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-47203\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-18T11:36:03.996Z\", \"dateReserved\": \"2024-03-25T09:12:14.117Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-04-10T18:56:37.066Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.