CVE-2021-47143: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-47143 affects the Linux kernel's SMC (Shared Memory Communication) networking subsystem. The vulnerability was discovered in the device registration process of SMC-D devices, where a failed device_add() operation could lead to a corrupted device list due to missing cleanup steps (Kernel Commit). According to Red Hat's assessment, this vulnerability has been assigned a CVSS v3 base score of 5.5, indicating a moderate severity level (Red Hat CVE).

The vulnerability exists in the net/smc/smcism.c file where the smcdregisterdev() function fails to properly clean up after a failed deviceadd() operation. When deviceadd() fails, the code does not remove the device from smcddev_list, leading to a corrupted list state as the device gets freed while still being part of the list. The vulnerability has been assigned a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat CVE).

The vulnerability can result in a corrupted device list in the Linux kernel's SMC networking subsystem, potentially leading to system instability or denial of service. The impact is primarily focused on availability, with no direct effect on confidentiality or integrity of the system (Red Hat CVE).

The vulnerability has been fixed by adding proper error handling that removes the device from the list when device_add() fails. The fix was implemented in the Linux kernel through a patch that adds cleanup code to handle the failed device registration properly (Kernel Commit).