CVE-2021-46910: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled

The debugging code for kmap_local() doubles the number of per-CPU fixmap slots allocated for kmap_local(), in order to use half of them as guard regions. This causes the fixmap region to grow downwards beyond the start of its reserved window if the supported number of CPUs is large, and collide with the newly added virtual DT mapping right below it, which is obviously not good.

One manifestation of this is EFI boot on a kernel built with NR_CPUS=32 and CONFIG_DEBUG_KMAP_LOCAL=y, which may pass the FDT in highmem, resulting in block entries below the fixmap region that the fixmap code misidentifies as fixmap table entries, and subsequently tries to dereference using a phys-to-virt translation that is only valid for lowmem. This results in a cryptic splat such as the one below.

  ftrace: allocating 45548 entries in 89 pages
  8<--- cut here ---
  Unable to handle kernel paging request at virtual address fc6006f0
  pgd = (ptrval)
  [fc6006f0] *pgd=80000040207003, *pmd=00000000
  Internal error: Oops: a06 [#1] SMP ARM
  Modules linked in:
  CPU: 0 PID: 0 Comm: swapper Not tainted 5.11.0+ #382
  Hardware name: Generic DT based system
  PC is at cpu_ca15_set_pte_ext+0x24/0x30
  LR is at __set_fixmap+0xe4/0x118
  pc : [<c041ac9c>]    lr : [<c04189d8>]    psr: 400000d3
  sp : c1601ed8  ip : 00400000  fp : 00800000
  r10: 0000071f  r9 : 00421000  r8 : 00c00000
  r7 : 00c00000  r6 : 0000071f  r5 : ffade000  r4 : 4040171f
  r3 : 00c00000  r2 : 4040171f  r1 : c041ac78  r0 : fc6006f0
  Flags: nZcv  IRQs off  FIQs off  Mode SVC_32  ISA ARM  Segment none
  Control: 30c5387d  Table: 40203000  DAC: 00000001
  Process swapper (pid: 0, stack limit = 0x(ptrval))

So let's limit CONFIG_NR_CPUS to 16 when CONFIG_DEBUG_KMAP_LOCAL=y. Also, fix the BUILD_BUG_ON() check that was supposed to catch this, by checking whether the region grows below the start address rather than above the end address.
AI Analysis
Technical Summary
CVE-2021-46910 is a vulnerability identified in the Linux kernel specifically affecting ARM architectures when the kernel is built with the CONFIG_DEBUG_KMAP_LOCAL option enabled and NR_CPUS set to 32 or higher. The vulnerability arises from the debugging code for the kmap_local() function, which doubles the number of per-CPU fixmap slots to use half as guard regions. This causes the fixmap region to grow downward beyond its reserved window if the number of CPUs is large, leading to a collision with the newly added virtual Device Tree (DT) mapping located just below the fixmap region. This overlap results in the kernel misinterpreting block entries below the fixmap region as fixmap table entries and attempting to dereference them using a phys-to-virt translation valid only for low memory. This misinterpretation leads to kernel paging faults and internal errors, causing system crashes (kernel oops). The issue manifests notably during EFI boot on affected kernels, resulting in cryptic kernel panic messages and system instability. The fix implemented limits NR_CPUS to 16 when CONFIG_DEBUG_KMAP_LOCAL is enabled and corrects the BUILD_BUG_ON() check to properly detect when the fixmap region grows below its start address rather than above its end address. This vulnerability is specific to ARM-based Linux systems with particular kernel configurations and does not affect all Linux deployments. No known exploits are reported in the wild at this time.
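Why the original BUILD_BUG_ON() direction could not catch the overflow can be seen in a small model of a window that is filled downward from its top. This is an added example, not kernel code or code from the advisory; the window bounds, page size and per-CPU slot count are illustrative assumptions.

```shell
#!/bin/sh
# Toy model of a fixmap window that is filled downward from its top.
# Every constant here is an illustrative assumption, not a value from the page.
FIXADDR_START=$((0xffc80000))   # assumed lowest address reserved for the fixmap
FIXADDR_END=$((0xfff00000))     # assumed end of the reserved window
PAGE_SHIFT=12                   # 4 KiB pages
SLOTS_PER_CPU=16                # assumed kmap_local slots per CPU, debug off

# lowest_fixmap_addr NR_CPUS DEBUG -> lowest address touched by the slots.
# DEBUG=1 doubles the per-CPU slots, half of them serving as guard regions.
lowest_fixmap_addr() {
    slots=$(( $1 * SLOTS_PER_CPU ))
    if [ "$2" -eq 1 ]; then slots=$(( slots * 2 )); fi
    echo $(( FIXADDR_END - (1 << PAGE_SHIFT) - (slots << PAGE_SHIFT) ))
}

# Old-style build check: rejects only a lowest address ABOVE the window end.
# Slots are laid out downward, so in this model the condition is never true.
old_check() {
    addr=$(lowest_fixmap_addr "$1" "$2")
    if [ $(( addr > FIXADDR_END )) -eq 1 ]; then echo fail; else echo pass; fi
}

# Corrected build check: rejects a lowest address BELOW the window start.
new_check() {
    addr=$(lowest_fixmap_addr "$1" "$2")
    if [ $(( addr < FIXADDR_START )) -eq 1 ]; then echo fail; else echo pass; fi
}

# Walk the four combinations of CPU limit and debug setting.
for cfg in "16 0" "32 0" "16 1" "32 1"; do
    set -- $cfg
    printf 'NR_CPUS=%s debug=%s lowest=0x%x old=%s new=%s\n' "$1" "$2" \
        "$(lowest_fixmap_addr "$1" "$2")" "$(old_check "$1" "$2")" "$(new_check "$1" "$2")"
done
```

Only the combination of 32 CPUs with debug enabled drops below the assumed window start, and only the corrected check reports it.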
Potential Impact
For European organizations, the impact of CVE-2021-46910 depends largely on their use of ARM-based Linux systems with debugging enabled for kmap_local and high CPU counts (NR_CPUS >= 32). Such configurations are more common in development, embedded, or specialized ARM server environments rather than typical x86 enterprise servers. The vulnerability can cause system crashes and instability, potentially leading to denial of service conditions. This could disrupt critical services, especially in sectors relying on ARM-based infrastructure such as telecommunications, IoT deployments, and edge computing. Confidentiality and integrity impacts are minimal as the vulnerability primarily causes availability issues through kernel panics. However, repeated crashes could lead to operational downtime and increased maintenance costs. Since exploitation requires specific kernel build configurations and hardware architectures, the threat is limited in scope but should not be ignored in environments where these conditions apply.
Mitigation Recommendations
European organizations should audit their Linux kernel configurations on ARM-based systems to determine if CONFIG_DEBUG_KMAP_LOCAL is enabled and if NR_CPUS is set to 32 or higher. For production systems, it is advisable to disable CONFIG_DEBUG_KMAP_LOCAL unless actively debugging kernel memory mappings. If debugging is necessary, limit NR_CPUS to 16 as per the patch recommendations. Organizations should apply the latest Linux kernel updates that include the fix for CVE-2021-46910 to ensure the BUILD_BUG_ON() check correctly prevents the fixmap region overlap. Additionally, thorough testing of kernel updates in staging environments is recommended to verify stability before deployment. Monitoring kernel logs for paging faults or oops messages related to fixmap or kmap_local can help detect potential issues early. For embedded or ARM-based devices, coordinate with hardware vendors to ensure firmware and kernel patches are applied promptly. Avoid running kernels with debug options enabled in production unless absolutely necessary.
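One way to run the configuration audit and the log check recommended above, as an added example that is not part of the original advisory. The sample files are constructed (the log excerpt reuses lines from the splat quoted in the description), the function and verdict names are this example's own, and CONFIG_ARM=y is used to identify a 32-bit ARM build.

```shell
#!/bin/sh
# Added example: audit a kernel .config and a boot log for this issue.

# audit_kmap_debug FILE -> not-applicable | ok | at-risk | unknown
audit_kmap_debug() {
    # Only 32-bit ARM builds with the kmap_local debug option are in scope.
    grep -q '^CONFIG_ARM=y$' "$1" || { echo not-applicable; return 0; }
    grep -q '^CONFIG_DEBUG_KMAP_LOCAL=y$' "$1" || { echo not-applicable; return 0; }
    nr=$(sed -n 's/^CONFIG_NR_CPUS=\([0-9][0-9]*\)$/\1/p' "$1")
    if [ -z "$nr" ]; then echo unknown          # CONFIG_NR_CPUS missing from the file
    elif [ "$nr" -gt 16 ]; then echo at-risk    # above the limit the fix enforces
    else echo ok
    fi
}

# oops_in_set_fixmap FILE -> yes if a paging-request oops is followed by an
# "LR is at __set_fixmap" line (the signature in the advisory's splat), else no
oops_in_set_fixmap() {
    awk '/Unable to handle kernel paging request/ { seen = 1 }
         seen && /LR is at __set_fixmap/ { hit = 1 }
         END { print (hit ? "yes" : "no") }' "$1"
}

# Constructed sample inputs (not taken from a real system).
SAMPLES=$(mktemp -d)
printf '%s\n' 'CONFIG_ARM=y' 'CONFIG_NR_CPUS=32' 'CONFIG_DEBUG_KMAP_LOCAL=y' \
    > "$SAMPLES/debug32.config"
printf '%s\n' 'CONFIG_ARM=y' 'CONFIG_NR_CPUS=16' 'CONFIG_DEBUG_KMAP_LOCAL=y' \
    > "$SAMPLES/debug16.config"
printf '%s\n' 'CONFIG_ARM=y' 'CONFIG_NR_CPUS=32' '# CONFIG_DEBUG_KMAP_LOCAL is not set' \
    > "$SAMPLES/prod32.config"
printf '%s\n' 'Unable to handle kernel paging request at virtual address fc6006f0' \
    'PC is at cpu_ca15_set_pte_ext+0x24/0x30' 'LR is at __set_fixmap+0xe4/0x118' \
    > "$SAMPLES/boot.log"
printf '%s\n' 'ftrace: allocating 45548 entries in 89 pages' > "$SAMPLES/clean.log"

for f in "$SAMPLES"/*.config; do echo "$(basename "$f"): $(audit_kmap_debug "$f")"; done
for f in "$SAMPLES"/*.log; do echo "$(basename "$f"): $(oops_in_set_fixmap "$f")"; done
```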
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-25T13:45:52.718Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9835c4522896dcbea668
Added to database: 5/21/2025, 9:09:09 AM
Last enriched: 6/26/2025, 10:07:52 AM
Last updated: 8/9/2025, 12:33:04 PM