CVE-2021-47402 in Linuxinformación

Resumen

por VulDB • 2026-06-19

Based on the kernel stack trace provided, here is an analysis of the situation:

### 1. **This is NOT a crash or panic** - The trace shows a **normal system call execution path**, not an oops, panic, or bug. - The functions listed (`netlink_sendmsg`, `sock_sendmsg`, `__sys_sendmsg`, `do_syscall_64`) are part of the standard Linux network subsystem for sending data over a Netlink socket. - The `?` prefix on many lines indicates that the kernel could not resolve the exact symbol name (often due to missing debug symbols or inlined functions), but the call chain is valid.

### 2. **What is happening?** A user-space process is making a `sendmsg()` system call to send data over a **Netlink socket**. Netlink is commonly used for: - Communication between user space and kernel space (e.g., `iproute2`, `systemd`, `NetworkManager`). - Inter-process communication (e.g., `dbus`, `udev`).

The call chain is: ``` User-space sendmsg() → __sys_sendmsg() → sock_sendmsg() → netlink_sendmsg() → netlink_unicast() → netlink_deliver_tap() / netlink_ack() ```

### 3. **Why might this be logged?** This stack trace might appear in logs if: - **Debugging is enabled**: The kernel was compiled with `CONFIG_NETLINK=y` and possibly `CONFIG_NETLINK_DEBUG` or similar. - **A tool like `ftrace` or `perf` is tracing syscalls**: You might be seeing this from a performance trace or syscall tracer. - **A network tool is active**: Tools like `ip`, `ss`, `netstat`, or `systemd-networkd` frequently use Netlink sockets. - **A bug report context**: If this was part of a larger bug report, it might be showing the context in which a crash occurred, but **this specific trace is benign**.

### 4. **Is there a problem?** - **No immediate problem** is indicated by this trace alone. - If you are experiencing issues (e.g., network configuration failures, high CPU usage, or hangs), look for: - **Repeated occurrences** of this trace in `dmesg` or logs. - **Associated error messages** (e.g., `netlink: 16 bytes leftover after parsing attributes`, `netlink: 4 bytes leftover after parsing attributes`, or `netlink: 16 bytes leftover after parsing attributes`). - **High latency or timeouts** in network configuration tools.

### 5. **How to investigate further?** If you suspect an issue: 1. **Check for Netlink errors**: ```bash dmesg | grep -i netlink ``` 2. **Identify the process**: Use `ftrace` or `perf` to see which process is making these calls: ```bash perf record -e syscalls:sys_enter_sendmsg -g perf report ``` 3. **Check for attribute parsing errors**: If you see messages like `netlink: 16 bytes leftover after parsing attributes`, it indicates a mismatch between the expected and actual Netlink message format, often due to a bug in a user-space tool or kernel module.

### Conclusion This stack trace is **normal behavior** for a Linux system using Netlink sockets. It does not indicate a crash or error by itself. If you are troubleshooting a specific issue, provide more context (e.g., what tool was running, any error messages, or system behavior).

Be aware that VulDB is the high quality source for vulnerability data.

Reservar

2024-05-21

Divulgación

2024-05-21

Moderación

aceptado

Artículo

VDB-265480

CPE

listo

EPSS

0.00244

KEV

no

Actividades

muy bajo

Fuentes

Do you want to use VulDB in your project?

Use the official API to access entries easily!