
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-47584 affects the Linux kernel's iocost functionality. The vulnerability was discovered in the donation calculation logic where a divide-by-zero condition could occur when handling low hweight cgroups. This issue affects Linux kernel versions from 5.10 up to (excluding) 5.10.88 and versions from 5.11 up to (excluding) 5.15.11 (NVD).
The vulnerability stems from an assumption in the donation calculation logic that the donor has a non-zero after-donation hweight. The lowest active hweight a donating cgroup should have is 2, which lets it donate 1 while keeping 1 for itself. However, after commit f1de2439ec43 implemented a precise donation algorithm, low-hweight cgroups could enter donation calculations. A cgroup with an active hweight of 1 that attempts to donate breaks the non-zero assumption, leading to a divide-by-zero error. The vulnerability has a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
When exploited, this vulnerability can trigger a divide-by-zero oops in the kernel, potentially leading to a system crash. The issue occurs in the block/blk-iocost.c component and affects the system's I/O cost controller functionality (Kernel Patch).
The issue has been fixed by excluding cgroups with active hweight < 2 from donating. The fix was implemented in the kernel by adding a condition check before donation calculations. The patch has been backported to affected stable kernel versions. Users should upgrade to Linux kernel version 5.10.88 or later for the 5.10 series, or 5.15.11 or later for the 5.15 series (Kernel Patch).
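To triage hosts against the version ranges given above, the following added example (not part of the original advisory or the kernel patch) classifies a kernel release string. The function name `iocost_cve_status` and the sample release strings are constructed for illustration, and the check assumes the string carries an upstream kernel.org version.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the affected ranges
# stated for CVE-2021-47584:
#   5.10 <= version < 5.10.88   and   5.11 <= version < 5.15.11
# Assumption: the string reflects the upstream version. Distribution kernels
# often backport fixes without changing it, so "affected" means "confirm
# against the vendor advisory", not proof of exposure.

# iocost_cve_status RELEASE -> prints affected | not-affected | unknown
iocost_cve_status() {
    printf '%s\n' "$1" | awk -F. '{
        sub(/[^0-9.].*$/, "")            # strip suffixes: -generic, -rc1, +
        if ($0 !~ /^[0-9]+\.[0-9]+(\.[0-9]+)?$/) { print "unknown"; exit }
        # Fold MAJOR.MINOR.PATCH into one integer; a missing patch counts as 0.
        key = $1 * 1000000 + $2 * 1000 + $3
        if ((key >= 5010000 && key < 5010088) ||
            (key >= 5011000 && key < 5015011))
            print "affected"
        else
            print "not-affected"
    }'
}

# Constructed sample release strings, followed by the running kernel.
for r in 5.10.87 5.10.88 5.13.0-51-generic 5.15.11 "$(uname -r)"; do
    printf '%-22s %s\n' "$r" "$(iocost_cve_status "$r")"
done
```

The I/O cost controller must also be built into the kernel for the flaw to be reachable, so a version match is a starting point for triage rather than a final verdict.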
Source: This report was generated using AI