[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-47408":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":20,"downstream":21,"duplicates":42,"related":43,"reserved_at":9,"published_at":50,"modified_at":51,"state":52,"summary":53,"references_raw":62,"kevs":77,"epss":78,"epss_history":81,"metrics":318,"affected":329},"CVE-2021-47408","In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: serialize hash resizes and cleanups\n\nSyzbot was able to trigger the following warning [1]\n\nNo repro found by syzbot yet but I was able to trigger similar issue\nby having 2 scripts running in parallel, changing conntrack hash sizes,\nand:\n\nfor j in `seq 1 1000` ; do unshare -n /bin/true >/dev/null ; done\n\nIt would take more than 5 minutes for net_namespace structures\nto be cleaned up.\n\nThis is because nf_ct_iterate_cleanup() has to restart everytime\na resize happened.\n\nBy adding a mutex, we can serialize hash resizes and cleanups\nand also make get_next_corpse() faster by skipping over empty\nbuckets.\n\nEven without resizes in the picture, this patch considerably\nspeeds up network namespace dismantles.\n\n[1]\nINFO: task syz-executor.0:8312 can't die for more than 144 seconds.\ntask:syz-executor.0  state:R  running task     stack:25672 pid: 8312 ppid:  6573 flags:0x00004006\nCall Trace:\n context_switch kernel/sched/core.c:4955 [inline]\n __schedule+0x940/0x26f0 kernel/sched/core.c:6236\n preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6408\n preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:35\n __local_bh_enable_ip+0x109/0x120 kernel/softirq.c:390\n local_bh_enable include/linux/bottom_half.h:32 [inline]\n get_next_corpse net/netfilter/nf_conntrack_core.c:2252 [inline]\n nf_ct_iterate_cleanup+0x15a/0x450 net/netfilter/nf_conntrack_core.c:2275\n nf_conntrack_cleanup_net_list+0x14c/0x4f0 net/netfilter/nf_conntrack_core.c:2469\n ops_exit_list+0x10d/0x160 net/core/net_namespace.c:171\n setup_net+0x639/0xa30 net/core/net_namespace.c:349\n copy_net_ns+0x319/0x760 net/core/net_namespace.c:470\n create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226\n ksys_unshare+0x445/0x920 kernel/fork.c:3128\n __do_sys_unshare kernel/fork.c:3202 [inline]\n __se_sys_unshare kernel/fork.c:3200 [inline]\n __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3200\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f63da68e739\nRSP: 002b:00007f63d7c05188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00007f63da792f80 RCX: 00007f63da68e739\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000\nRBP: 00007f63da6e8cc4 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f63da792f80\nR13: 00007fff50b75d3f R14: 00007f63d7c05300 R15: 0000000000022000\n\nShowing all locks held in the system:\n1 lock held by khungtaskd/27:\n #0: ffffffff8b980020 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446\n2 locks held by kworker/u4:2/153:\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline]\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline]\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2268\n #1: ffffc9000140fdb0 ((kfence_timer).work){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2272\n1 lock held by systemd-udevd/2970:\n1 lock held by in:imklog/6258:\n #0: ffff88807f970ff0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990\n3 locks held by kworker/1:6/8158:\n1 lock held by syz-executor.0/8312:\n2 locks held by kworker/u4:13/9320:\n1 lock held by\n---truncated---",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[],[],[22,24,26,28,30,32,34,36,38,40],{"_key":23},"SUSE-SU-2024:3566-1",{"_key":25},"SUSE-SU-2024:2008-1",{"_key":27},"SUSE-SU-2024:2011-1",{"_key":29},"SUSE-SU-2024:2019-1",{"_key":31},"SUSE-SU-2024:2189-1",{"_key":33},"SUSE-SU-2024:2190-1",{"_key":35},"DEBIAN-CVE-2021-47408",{"_key":37},"RHSA-2024:5101",{"_key":39},"RHSA-2024:5102",{"_key":41},"UBUNTU-CVE-2021-47408",[],[44,45,46,47,48,49],{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},"2024-05-21T15:04:00.651Z","2026-05-11T13:54:08.896Z","Analyzed",{"cisa_kev":54,"cisa_ransomware":54,"cisa_vendor":9,"epss_severity":55,"epss_score":56,"severity":57,"severity_score":58,"severity_version":59,"severity_source":60,"severity_vector":61,"severity_status":52},false,"low",0.00015,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[63,69,73],{"url":64,"sources":65,"tags":67},"https://git.kernel.org/stable/c/e2d192301a0df8160d1555b66ae8611e8050e424",[66,60],"cve.org",[68],"Patch",{"url":70,"sources":71,"tags":72},"https://git.kernel.org/stable/c/7ea6f5848281182ce0cff6cafdcf3fbdeb8ca7e1",[66,60],[68],{"url":74,"sources":75,"tags":76},"https://git.kernel.org/stable/c/e9edc188fc76499b0b9bd60364084037f6d03773",[66,60],[68],[],{"date":79,"score":56,"percentile":80},"2026-06-03",0.03415,[82,86,88,91,93,96,98,101,104,107,110,112,114,116,119,123,126,129,132,135,137,140,143,145,147,150,153,156,159,161,164,167,170,173,175,178,181,185,188,190,192,194,197,200,203,206,208,210,212,214,216,219,221,224,227,230,233,235,237,239,242,244,246,248,250,252,254,257,260,262,265,268,271,273,275,277,280,282,285,288,290,293,296,298,300,303,306,309,312,315],{"date":83,"score":84,"percentile":85},"2025-11-04",0.00008,0.00512,{"date":87,"score":84,"percentile":85},"2025-11-05",{"date":89,"score":84,"percentile":90},"2025-11-06",0.00515,{"date":92,"score":84,"percentile":90},"2025-11-07",{"date":94,"score":84,"percentile":95},"2025-11-08",0.00514,{"date":97,"score":84,"percentile":85},"2025-11-09",{"date":99,"score":84,"percentile":100},"2025-11-10",0.0051,{"date":102,"score":84,"percentile":103},"2025-11-11",0.00513,{"date":105,"score":84,"percentile":106},"2025-11-12",0.00511,{"date":108,"score":84,"percentile":109},"2025-11-13",0.00509,{"date":111,"score":84,"percentile":85},"2025-11-14",{"date":113,"score":84,"percentile":106},"2025-11-15",{"date":115,"score":84,"percentile":100},"2025-11-16",{"date":117,"score":84,"percentile":118},"2025-11-17",0.00508,{"date":120,"score":121,"percentile":122},"2025-11-18",0.00061,0.14875,{"date":124,"score":121,"percentile":125},"2025-11-19",0.14892,{"date":127,"score":121,"percentile":128},"2025-11-20",0.14903,{"date":130,"score":84,"percentile":131},"2025-11-21",0.00521,{"date":133,"score":84,"percentile":134},"2025-11-22",0.0052,{"date":136,"score":84,"percentile":134},"2025-11-23",{"date":138,"score":84,"percentile":139},"2025-11-24",0.00518,{"date":141,"score":84,"percentile":142},"2025-11-25",0.00517,{"date":144,"score":84,"percentile":103},"2025-11-26",{"date":146,"score":84,"percentile":85},"2025-11-27",{"date":148,"score":84,"percentile":149},"2025-11-28",0.00516,{"date":151,"score":84,"percentile":152},"2025-11-29",0.00524,{"date":154,"score":84,"percentile":155},"2025-11-30",0.00525,{"date":157,"score":84,"percentile":158},"2025-12-01",0.00526,{"date":160,"score":84,"percentile":155},"2025-12-02",{"date":162,"score":84,"percentile":163},"2025-12-03",0.00528,{"date":165,"score":84,"percentile":166},"2025-12-04",0.0053,{"date":168,"score":84,"percentile":169},"2025-12-05",0.00537,{"date":171,"score":84,"percentile":172},"2025-12-06",0.00536,{"date":174,"score":84,"percentile":172},"2025-12-07",{"date":176,"score":84,"percentile":177},"2025-12-08",0.00541,{"date":179,"score":84,"percentile":180},"2025-12-09",0.00554,{"date":182,"score":183,"percentile":184},"2025-12-10",0.00009,0.00675,{"date":186,"score":183,"percentile":187},"2025-12-11",0.00674,{"date":189,"score":183,"percentile":184},"2025-12-12",{"date":191,"score":183,"percentile":187},"2025-12-13",{"date":193,"score":183,"percentile":187},"2025-12-14",{"date":195,"score":183,"percentile":196},"2025-12-15",0.00667,{"date":198,"score":183,"percentile":199},"2025-12-16",0.00671,{"date":201,"score":183,"percentile":202},"2025-12-17",0.00673,{"date":204,"score":183,"percentile":205},"2025-12-18",0.00672,{"date":207,"score":183,"percentile":187},"2025-12-19",{"date":209,"score":183,"percentile":202},"2025-12-20",{"date":211,"score":183,"percentile":205},"2025-12-21",{"date":213,"score":183,"percentile":187},"2025-12-22",{"date":215,"score":183,"percentile":187},"2025-12-23",{"date":217,"score":183,"percentile":218},"2025-12-24",0.00677,{"date":220,"score":183,"percentile":218},"2025-12-25",{"date":222,"score":183,"percentile":223},"2025-12-26",0.00682,{"date":225,"score":183,"percentile":226},"2025-12-27",0.0068,{"date":228,"score":183,"percentile":229},"2025-12-28",0.00678,{"date":231,"score":183,"percentile":232},"2025-12-29",0.00676,{"date":234,"score":183,"percentile":187},"2025-12-30",{"date":236,"score":183,"percentile":199},"2025-12-31",{"date":238,"score":183,"percentile":187},"2026-01-01",{"date":240,"score":183,"percentile":241},"2026-01-02",0.00679,{"date":243,"score":183,"percentile":223},"2026-01-03",{"date":245,"score":183,"percentile":205},"2026-01-04",{"date":247,"score":183,"percentile":184},"2026-01-05",{"date":249,"score":183,"percentile":232},"2026-01-06",{"date":251,"score":183,"percentile":187},"2026-01-07",{"date":253,"score":183,"percentile":241},"2026-01-08",{"date":255,"score":183,"percentile":256},"2026-01-09",0.00687,{"date":258,"score":183,"percentile":259},"2026-01-10",0.00688,{"date":261,"score":183,"percentile":256},"2026-01-11",{"date":263,"score":183,"percentile":264},"2026-01-12",0.00686,{"date":266,"score":183,"percentile":267},"2026-01-13",0.00685,{"date":269,"score":183,"percentile":270},"2026-01-14",0.00684,{"date":272,"score":183,"percentile":256},"2026-01-15",{"date":274,"score":183,"percentile":256},"2026-01-16",{"date":276,"score":183,"percentile":256},"2026-01-17",{"date":278,"score":183,"percentile":279},"2026-01-18",0.00691,{"date":281,"score":183,"percentile":256},"2026-01-19",{"date":283,"score":183,"percentile":284},"2026-01-20",0.00683,{"date":286,"score":183,"percentile":287},"2026-01-21",0.00681,{"date":289,"score":183,"percentile":223},"2026-01-22",{"date":291,"score":183,"percentile":292},"2026-01-23",0.00689,{"date":294,"score":183,"percentile":295},"2026-01-24",0.00693,{"date":297,"score":183,"percentile":295},"2026-01-25",{"date":299,"score":183,"percentile":295},"2026-01-26",{"date":301,"score":183,"percentile":302},"2026-01-27",0.00697,{"date":304,"score":183,"percentile":305},"2026-01-28",0.00695,{"date":307,"score":183,"percentile":308},"2026-01-29",0.00698,{"date":310,"score":183,"percentile":311},"2026-01-30",0.00707,{"date":313,"score":183,"percentile":314},"2026-01-31",0.00712,{"date":316,"score":183,"percentile":317},"2026-02-01",0.00716,[319,326],{"source":66,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":320,"cvss_v4_0":9},{"baseScore":321,"baseSeverity":322,"vectorString":323,"impactScore":324,"exploitabilityScore":325},4.7,"MEDIUM","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",6,2.6,{"source":60,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":327,"cvss_v4_0":9},{"baseScore":58,"baseSeverity":322,"vectorString":61,"impactScore":324,"exploitabilityScore":328},4.6,[330,350],{"ecosystem":9,"name":331,"vendor":332,"product":332,"cpe_part":333,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":334},"Linux","linux","a",[335,342,345,348],{"version":336,"is_range":337,"range_type":66,"version_start":338,"version_start_type":339,"version_end":340,"version_end_type":341,"fixed_in":9},">= 0d02d5646eb84403766a11a1d3b19e670a3d45d5, \u003C e2d192301a0df8160d1555b66ae8611e8050e424",true,"0d02d5646eb84403766a11a1d3b19e670a3d45d5","including","e2d192301a0df8160d1555b66ae8611e8050e424","excluding",{"version":343,"is_range":337,"range_type":66,"version_start":338,"version_start_type":339,"version_end":344,"version_end_type":341,"fixed_in":9},">= 0d02d5646eb84403766a11a1d3b19e670a3d45d5, \u003C 7ea6f5848281182ce0cff6cafdcf3fbdeb8ca7e1","7ea6f5848281182ce0cff6cafdcf3fbdeb8ca7e1",{"version":346,"is_range":337,"range_type":66,"version_start":338,"version_start_type":339,"version_end":347,"version_end_type":341,"fixed_in":9},">= 0d02d5646eb84403766a11a1d3b19e670a3d45d5, \u003C e9edc188fc76499b0b9bd60364084037f6d03773","e9edc188fc76499b0b9bd60364084037f6d03773",{"version":349,"is_range":54,"range_type":66,"version_start":349,"version_start_type":339,"version_end":349,"version_end_type":339,"fixed_in":9},"4.13",{"ecosystem":9,"name":351,"vendor":332,"product":352,"cpe_part":353,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":354},"linux kernel","linux_kernel","o",[355,359,363,365,367],{"version":356,"is_range":337,"range_type":357,"version_start":9,"version_start_type":9,"version_end":358,"version_end_type":341,"fixed_in":9},"lt5.10.71","cpe","5.10.71",{"version":360,"is_range":337,"range_type":357,"version_start":361,"version_start_type":339,"version_end":362,"version_end_type":341,"fixed_in":9},"gte5.11_lt5.14.10","5.11","5.14.10",{"version":364,"is_range":54,"range_type":357,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.15:rc1",{"version":366,"is_range":54,"range_type":357,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.15:rc2",{"version":368,"is_range":54,"range_type":357,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.15:rc3"]