
CVE-2021-47023: Vulnerability in Linux Linux

High
Published: Wed Feb 28 2024 (02/28/2024, 08:13:35 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: marvell: prestera: fix port event handling on init

For some reason there might be a crash during ports creation if port events are handled at the same time, because fw may send initial port event with down state.

The crash points to cancel_delayed_work(), which is called when the port went down. Currently I did not find out the real cause of the issue, so fixed it by cancelling port stats work only if previous port's state was up & running.

The following is the crash which can be triggered:

[ 28.311104] Unable to handle kernel paging request at virtual address 000071775f776600
[ 28.319097] Mem abort info:
[ 28.321914] ESR = 0x96000004
[ 28.324996] EC = 0x25: DABT (current EL), IL = 32 bits
[ 28.330350] SET = 0, FnV = 0
[ 28.333430] EA = 0, S1PTW = 0
[ 28.336597] Data abort info:
[ 28.339499] ISV = 0, ISS = 0x00000004
[ 28.343362] CM = 0, WnR = 0
[ 28.346354] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000100bf7000
[ 28.352842] [000071775f776600] pgd=0000000000000000, p4d=0000000000000000
[ 28.359695] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 28.365310] Modules linked in: prestera_pci(+) prestera uio_pdrv_genirq
[ 28.372005] CPU: 0 PID: 1291 Comm: kworker/0:1H Not tainted 5.11.0-rc4 #1
[ 28.378846] Hardware name: DNI AmazonGo1 A7040 board (DT)
[ 28.384283] Workqueue: prestera_fw_wq prestera_fw_evt_work_fn [prestera_pci]
[ 28.391413] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--)
[ 28.397468] pc : get_work_pool+0x48/0x60
[ 28.401442] lr : try_to_grab_pending+0x6c/0x1b0
[ 28.406018] sp : ffff80001391bc60
[ 28.409358] x29: ffff80001391bc60 x28: 0000000000000000
[ 28.414725] x27: ffff000104fc8b40 x26: ffff80001127de88
[ 28.420089] x25: 0000000000000000 x24: ffff000106119760
[ 28.425452] x23: ffff00010775dd60 x22: ffff00010567e000
[ 28.430814] x21: 0000000000000000 x20: ffff80001391bcb0
[ 28.436175] x19: ffff00010775deb8 x18: 00000000000000c0
[ 28.441537] x17: 0000000000000000 x16: 000000008d9b0e88
[ 28.446898] x15: 0000000000000001 x14: 00000000000002ba
[ 28.452261] x13: 80a3002c00000002 x12: 00000000000005f4
[ 28.457622] x11: 0000000000000030 x10: 000000000000000c
[ 28.462985] x9 : 000000000000000c x8 : 0000000000000030
[ 28.468346] x7 : ffff800014400000 x6 : ffff000106119758
[ 28.473708] x5 : 0000000000000003 x4 : ffff00010775dc60
[ 28.479068] x3 : 0000000000000000 x2 : 0000000000000060
[ 28.484429] x1 : 000071775f776600 x0 : ffff00010775deb8
[ 28.489791] Call trace:
[ 28.492259] get_work_pool+0x48/0x60
[ 28.495874] cancel_delayed_work+0x38/0xb0
[ 28.500011] prestera_port_handle_event+0x90/0xa0 [prestera]
[ 28.505743] prestera_evt_recv+0x98/0xe0 [prestera]
[ 28.510683] prestera_fw_evt_work_fn+0x180/0x228 [prestera_pci]
[ 28.516660] process_one_work+0x1e8/0x360
[ 28.520710] worker_thread+0x44/0x480
[ 28.524412] kthread+0x154/0x160
[ 28.527670] ret_from_fork+0x10/0x38
[ 28.531290] Code: a8c17bfd d50323bf d65f03c0 9278dc21 (f9400020)
[ 28.537429] ---[ end trace 5eced933df3a080b ]---

AI-Powered Analysis

Last updated: 07/03/2025, 05:42:53 UTC

Technical Analysis

CVE-2021-47023 is a high-severity vulnerability affecting the Linux kernel, specifically within the Marvell Prestera network driver subsystem. The flaw arises during the initialization of network ports where port event handling occurs concurrently. The root cause is a race condition leading to a kernel crash triggered by improper handling of port state transitions. Specifically, the firmware may send an initial port event indicating a 'down' state while the port is still being created, causing the kernel to call cancel_delayed_work() on a work item that may not be valid or properly synchronized. This results in a kernel paging fault and an 'Oops' error, indicative of a kernel panic or crash. The vulnerability is linked to the cancel_delayed_work() function being invoked without verifying the previous port state, which the patch addresses by only canceling port stats work if the port was previously 'up and running.' The crash log shows a memory abort due to invalid page table entries, confirming a use-after-free or null pointer dereference scenario. This vulnerability is categorized under CWE-400 (Uncontrolled Resource Consumption), implying that exploitation could lead to denial of service by crashing the kernel. The CVSS 3.1 score is 8.2 (high), reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and a significant impact on availability, though confidentiality is unaffected and integrity impact is limited. No known exploits are currently reported in the wild, but the vulnerability affects Linux kernel versions containing the Marvell Prestera driver, which is used in network equipment and embedded systems relying on this hardware. The patch involves conditional cancellation of delayed work based on port state, preventing the race condition and subsequent crash.
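The state guard described above, as an added userspace model that is not the driver's code: `port_model`, `event_unguarded`, `event_guarded` and `replay` are hypothetical names, and the event sequence is constructed. It counts cancels issued against stats work that was never initialised, which is the path the crash trace points to.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model with hypothetical names; not the prestera driver's structures. */
struct port_model {
    bool work_ready;   /* stats work initialised (port creation finished) */
    bool work_pending; /* stats work currently queued */
    bool was_up;       /* previous port state seen by the handler */
    int  bad_cancels;  /* cancels issued on work that was never initialised */
};

static void stats_cancel(struct port_model *p)
{
    if (!p->work_ready)
        p->bad_cancels++;   /* models the cancel that the crash trace points to */
    p->work_pending = false;
}

/* Pre-fix behaviour as described: every "down" event cancels the stats work. */
static void event_unguarded(struct port_model *p, bool up)
{
    if (up) p->work_pending = true;
    else stats_cancel(p);
    p->was_up = up;
}

/* Fixed behaviour as described: cancel only if the previous state was up. */
static void event_guarded(struct port_model *p, bool up)
{
    if (up) p->work_pending = true;
    else if (p->was_up) stats_cancel(p);
    p->was_up = up;
}

/* Constructed sequence: "down" arrives during creation, then up, then down. */
static struct port_model replay(void (*handle)(struct port_model *, bool))
{
    struct port_model p = {0};
    handle(&p, false);    /* initial event before the work exists */
    p.work_ready = true;  /* port creation completes */
    handle(&p, true);
    handle(&p, false);
    return p;
}
int main(void)
{
    printf("unguarded: %d bad cancel(s)\n", replay(event_unguarded).bad_cancels);
    printf("guarded:   %d bad cancel(s)\n", replay(event_guarded).bad_cancels);
    return 0;
}
```

In the guarded handler the later up-to-down transition still cancels the work, so the fix suppresses only the cancel that has no prior "up" state behind it.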

Potential Impact

For European organizations, the primary impact of CVE-2021-47023 is the potential for denial of service (DoS) on Linux systems running the affected kernel with Marvell Prestera network drivers. This could disrupt network connectivity and availability of critical services, especially in environments relying on embedded Linux devices or network infrastructure hardware using this driver. Industries such as telecommunications, cloud service providers, data centers, and enterprises with specialized networking equipment may experience service interruptions. While confidentiality and data integrity are not directly impacted, the availability impact can lead to operational downtime, affecting business continuity and potentially causing financial and reputational damage. Given the kernel-level nature of the crash, recovery may require system reboots or manual intervention, which can be problematic in high-availability or real-time systems. European organizations with deployments of network devices or embedded systems using Marvell Prestera chips should be particularly vigilant. The lack of known exploits reduces immediate risk, but the low complexity and no privilege requirements mean attackers could potentially develop exploits, increasing future risk.

Mitigation Recommendations

1. Apply the official Linux kernel patch that addresses this vulnerability as soon as it becomes available for your distribution or kernel version. Monitor vendor advisories for updated kernel packages.
2. Identify and inventory all systems using the Marvell Prestera network driver, including embedded devices and network appliances, to prioritize patching efforts.
3. For devices where patching the kernel is not immediately feasible, consider network segmentation and access controls to limit exposure to untrusted networks, reducing the risk of remote exploitation.
4. Implement monitoring and alerting for kernel crashes and unusual network port events to detect potential exploitation attempts early.
5. Engage with hardware and device vendors to confirm if their products are affected and request firmware or driver updates if applicable.
6. In environments with strict uptime requirements, plan for maintenance windows to apply patches and reboot affected systems safely.
7. Maintain up-to-date backups and recovery procedures to minimize downtime impact in case of crashes triggered by exploitation attempts.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-27T18:42:55.959Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9834c4522896dcbe9a98

Added to database: 5/21/2025, 9:09:08 AM

Last enriched: 7/3/2025, 5:42:53 AM

Last updated: 8/18/2025, 11:23:09 PM
