CVE-2021-47102: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix incorrect structure access In line: upper = info->upper_dev; We access upper_dev field, which is related only for particular events (e.g. event == NETDEV_CHANGEUPPER). So, this line cause invalid memory access for another events, when ptr is not netdev_notifier_changeupper_info. The KASAN logs are as follows: [ 30.123165] BUG: KASAN: stack-out-of-bounds in prestera_netdev_port_event.constprop.0+0x68/0x538 [prestera] [ 30.133336] Read of size 8 at addr ffff80000cf772b0 by task udevd/778 [ 30.139866] [ 30.141398] CPU: 0 PID: 778 Comm: udevd Not tainted 5.16.0-rc3 #6 [ 30.147588] Hardware name: DNI AmazonGo1 A7040 board (DT) [ 30.153056] Call trace: [ 30.155547] dump_backtrace+0x0/0x2c0 [ 30.159320] show_stack+0x18/0x30 [ 30.162729] dump_stack_lvl+0x68/0x84 [ 30.166491] print_address_description.constprop.0+0x74/0x2b8 [ 30.172346] kasan_report+0x1e8/0x250 [ 30.176102] __asan_load8+0x98/0xe0 [ 30.179682] prestera_netdev_port_event.constprop.0+0x68/0x538 [prestera] [ 30.186847] prestera_netdev_event_handler+0x1b4/0x1c0 [prestera] [ 30.193313] raw_notifier_call_chain+0x74/0xa0 [ 30.197860] call_netdevice_notifiers_info+0x68/0xc0 [ 30.202924] register_netdevice+0x3cc/0x760 [ 30.207190] register_netdev+0x24/0x50 [ 30.211015] prestera_device_register+0x8a0/0xba0 [prestera]
AI Analysis
Technical Summary
CVE-2021-47102 is a vulnerability identified in the Linux kernel, specifically within the Marvell Prestera network driver component. The flaw arises from improper handling of the 'upper_dev' field in the 'netdev_notifier_changeupper_info' structure. The vulnerable code accesses the 'upper_dev' field unconditionally, but this field is only valid for certain network device events, such as NETDEV_CHANGEUPPER. When other events occur, the pointer is not of the expected type, leading to invalid memory access. This results in a stack-out-of-bounds read, as detected by Kernel Address Sanitizer (KASAN) logs, which show attempts to read memory beyond the allocated stack frame. The issue manifests during network device event handling, particularly in the 'prestera_netdev_port_event' function, and can cause kernel crashes or undefined behavior due to memory corruption. The vulnerability affects Linux kernel versions including the commit referenced (3d5048cc54bd250cfbb358c37fcc011135977887). Although no known exploits are currently reported in the wild, the flaw represents a serious stability and security risk in systems using the Prestera driver, which is common in network equipment based on Marvell Prestera switches. The root cause is a logic error in event type checking before accessing event-specific data structures, leading to unsafe memory dereferencing in kernel space.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to infrastructure relying on Linux systems with Marvell Prestera network drivers, such as data centers, telecom providers, and enterprises using network switches or embedded devices with this hardware. Exploitation could lead to kernel crashes, causing denial of service (DoS) conditions and potential disruption of critical network services. In environments with high availability requirements, such as financial institutions, healthcare, and industrial control systems, such instability can have significant operational and financial consequences. Although no direct privilege escalation or remote code execution is indicated, the memory corruption could be leveraged in complex attack chains or combined with other vulnerabilities. The lack of authentication or user interaction requirements means that local processes or automated system components handling network events could inadvertently trigger the flaw. Given the widespread use of Linux in European IT infrastructure and the strategic importance of network reliability, this vulnerability demands prompt attention to avoid service degradation and maintain compliance with cybersecurity regulations.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should: 1) Apply the official Linux kernel patches that correct the event type validation logic in the Prestera driver as soon as they become available from trusted sources or Linux distributions. 2) If patching is not immediately feasible, consider disabling or unloading the Prestera network driver module where possible, especially on non-critical systems, to prevent triggering the vulnerable code path. 3) Implement enhanced monitoring of kernel logs and KASAN reports to detect any anomalous memory access or crashes related to network device events. 4) Conduct thorough testing of network device event handling in controlled environments to identify potential triggers of the vulnerability. 5) Coordinate with hardware vendors and Linux distribution maintainers to ensure timely updates and advisories are received and applied. 6) Employ network segmentation and strict access controls to limit exposure of vulnerable systems to untrusted users or processes that could provoke the flaw. 7) Maintain robust backup and recovery procedures to minimize downtime in case of exploitation-induced crashes.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2021-47102: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix incorrect structure access In line: upper = info->upper_dev; We access upper_dev field, which is related only for particular events (e.g. event == NETDEV_CHANGEUPPER). So, this line cause invalid memory access for another events, when ptr is not netdev_notifier_changeupper_info. The KASAN logs are as follows: [ 30.123165] BUG: KASAN: stack-out-of-bounds in prestera_netdev_port_event.constprop.0+0x68/0x538 [prestera] [ 30.133336] Read of size 8 at addr ffff80000cf772b0 by task udevd/778 [ 30.139866] [ 30.141398] CPU: 0 PID: 778 Comm: udevd Not tainted 5.16.0-rc3 #6 [ 30.147588] Hardware name: DNI AmazonGo1 A7040 board (DT) [ 30.153056] Call trace: [ 30.155547] dump_backtrace+0x0/0x2c0 [ 30.159320] show_stack+0x18/0x30 [ 30.162729] dump_stack_lvl+0x68/0x84 [ 30.166491] print_address_description.constprop.0+0x74/0x2b8 [ 30.172346] kasan_report+0x1e8/0x250 [ 30.176102] __asan_load8+0x98/0xe0 [ 30.179682] prestera_netdev_port_event.constprop.0+0x68/0x538 [prestera] [ 30.186847] prestera_netdev_event_handler+0x1b4/0x1c0 [prestera] [ 30.193313] raw_notifier_call_chain+0x74/0xa0 [ 30.197860] call_netdevice_notifiers_info+0x68/0xc0 [ 30.202924] register_netdevice+0x3cc/0x760 [ 30.207190] register_netdev+0x24/0x50 [ 30.211015] prestera_device_register+0x8a0/0xba0 [prestera]
AI-Powered Analysis
Technical Analysis
CVE-2021-47102 is a vulnerability identified in the Linux kernel, specifically within the Marvell Prestera network driver component. The flaw arises from improper handling of the 'upper_dev' field in the 'netdev_notifier_changeupper_info' structure. The vulnerable code accesses the 'upper_dev' field unconditionally, but this field is only valid for certain network device events, such as NETDEV_CHANGEUPPER. When other events occur, the pointer is not of the expected type, leading to invalid memory access. This results in a stack-out-of-bounds read, as detected by Kernel Address Sanitizer (KASAN) logs, which show attempts to read memory beyond the allocated stack frame. The issue manifests during network device event handling, particularly in the 'prestera_netdev_port_event' function, and can cause kernel crashes or undefined behavior due to memory corruption. The vulnerability affects Linux kernel versions including the commit referenced (3d5048cc54bd250cfbb358c37fcc011135977887). Although no known exploits are currently reported in the wild, the flaw represents a serious stability and security risk in systems using the Prestera driver, which is common in network equipment based on Marvell Prestera switches. The root cause is a logic error in event type checking before accessing event-specific data structures, leading to unsafe memory dereferencing in kernel space.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to infrastructure relying on Linux systems with Marvell Prestera network drivers, such as data centers, telecom providers, and enterprises using network switches or embedded devices with this hardware. Exploitation could lead to kernel crashes, causing denial of service (DoS) conditions and potential disruption of critical network services. In environments with high availability requirements, such as financial institutions, healthcare, and industrial control systems, such instability can have significant operational and financial consequences. Although no direct privilege escalation or remote code execution is indicated, the memory corruption could be leveraged in complex attack chains or combined with other vulnerabilities. The lack of authentication or user interaction requirements means that local processes or automated system components handling network events could inadvertently trigger the flaw. Given the widespread use of Linux in European IT infrastructure and the strategic importance of network reliability, this vulnerability demands prompt attention to avoid service degradation and maintain compliance with cybersecurity regulations.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should: 1) Apply the official Linux kernel patches that correct the event type validation logic in the Prestera driver as soon as they become available from trusted sources or Linux distributions. 2) If patching is not immediately feasible, consider disabling or unloading the Prestera network driver module where possible, especially on non-critical systems, to prevent triggering the vulnerable code path. 3) Implement enhanced monitoring of kernel logs and KASAN reports to detect any anomalous memory access or crashes related to network device events. 4) Conduct thorough testing of network device event handling in controlled environments to identify potential triggers of the vulnerability. 5) Coordinate with hardware vendors and Linux distribution maintainers to ensure timely updates and advisories are received and applied. 6) Employ network segmentation and strict access controls to limit exposure of vulnerable systems to untrusted users or processes that could provoke the flaw. 7) Maintain robust backup and recovery procedures to minimize downtime in case of exploitation-induced crashes.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-29T22:33:44.301Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9834c4522896dcbe9d1f
Added to database: 5/21/2025, 9:09:08 AM
Last enriched: 6/30/2025, 9:41:21 PM
Last updated: 7/29/2025, 3:13:33 AM
Views: 8
Related Threats
CVE-2025-8988: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-8987: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-8986: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-31987: CWE-405 Asymmetric Resource Consumption in HCL Software Connections Docs
MediumCVE-2025-8985: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.