PT-2024-11378 · Linux+2 · Linux Kernel+2

Alexandra Winter

Published

2021-09-21

Updated

2026-03-14

CVE-2021-47382

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a deadlock during failing recovery in the s390/qeth component of the Linux kernel. A commit removed the taking of discipline mutex inside qeth do reset(), fixing potential deadlocks. However, an error path was missed, which still takes discipline mutex and thus has the original deadlock potential. Intermittent deadlocks were seen when a qeth channel path is configured offline, causing a race between qeth do reset and ccwgroup remove. To fix this, qeth set offline() is called directly in the qeth do reset() error case, and a new variant of ccwgroup set offline() is used, without taking discipline mutex.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-667

Related Identifiers

BDU:2025-05166

CVE-2021-47382

OESA-2024-1962

OESA-2024-1964

OESA-2024-2258

OPENSUSE-SU-2024_2185-1

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2183-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2185-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Debian

Linux Kernel

Suse

PT-2024-11378 · Linux+2 · Linux Kernel+2

CVE-2021-47382

Weakness Enumeration

Related Identifiers

Affected Products

References · 1646