
CVE-2021-47169: Vulnerability in the Linux kernel (rp2 serial driver)

Severity: High (site rating; no CVSS vector has been published for this CVE)
Published: Mon Mar 25 2024 (03/25/2024, 09:16:21 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'

In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware doesn't exist, the function just returns without initializing the ports of 'rp2_card'. But now the interrupt handler function has been registered, and when an interrupt comes, 'rp2_uart_interrupt' may access those ports, causing a NULL pointer dereference or other bugs.

Because the driver does some initialization work in 'rp2_fw_cb', in order to make the driver ready to handle interrupts, 'request_firmware' should be used instead of the asynchronous 'request_firmware_nowait'.

This report reveals it:

INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xec/0x156 lib/dump_stack.c:118
 assign_lock_key kernel/locking/lockdep.c:727 [inline]
 register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753
 __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303
 lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:329 [inline]
 rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline]
 rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493
 rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504
 __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149
 handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189
 handle_irq_event+0xac/0x140 kernel/irq/handle.c:206
 handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725
 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]
 handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87
 do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247
 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670
 </IRQ>
RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61
Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8 8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41
RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde
RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200
RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840
R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002
R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
 default_idle+0x6f/0x360 arch/x86/kernel/process.c:557
 arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548
 default_idle_call+0x3b/0x60 kernel/sched/idle.c:93
 cpuidle_idle_call kernel/sched/idle.c:153 [inline]
 do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263
 cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369
 start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
PGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline]
RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline]
RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c:493
Co ---truncated---

AI-Powered Analysis

Last updated: 06/26/2025, 18:21:38 UTC

Technical Analysis

CVE-2021-47169 is a driver-initialisation ordering bug in the Linux kernel's rp2 serial driver (drivers/tty/serial/rp2.c, which drives Comtrol RocketPort EXPRESS/INFINITY multi-port PCI serial cards). In rp2_probe the driver registered its interrupt handler, rp2_uart_interrupt, and then requested the card firmware asynchronously with request_firmware_nowait, deferring port initialisation to the completion callback rp2_fw_cb. If the firmware image was missing or failed to load, rp2_fw_cb simply returned, leaving the ports of the rp2_card uninitialised while the interrupt handler stayed registered and the probe reported success. The first interrupt on that line then ran rp2_uart_interrupt against the uninitialised ports. The report in the description shows both consequences in order: lockdep complains that rp2_ch_interrupt is taking a spinlock that was never initialised ("trying to register non-static key"), and the handler then faults in readl on a NULL channel base address ("unable to handle kernel NULL pointer dereference at 0000000000000010"), which is fatal because the oops happens in interrupt context on the idle task. The same window exists even when the firmware is present, between handler registration and the callback's completion; it is just far shorter. The fix replaces the asynchronous call with the synchronous request_firmware, so rp2_probe does not return until the firmware is loaded and the ports initialised, and a missing image makes the probe fail cleanly instead of leaving a live handler behind. The impact is a kernel crash, a denial of service triggered by a hardware interrupt; the bug gives an attacker no control over memory contents, so confidentiality and integrity are not directly affected. Triggering it requires the rp2 driver to be bound to a card and the firmware to be unavailable (or the interrupt to arrive during the load window); no user interaction or authentication is involved, but no remote trigger is known and no exploitation in the wild has been reported. The report was produced on kernel 4.19.177 in a QEMU virtual machine, but every kernel carrying the asynchronous probe sequence is affected regardless of platform.
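The probe ordering described above, as an added example that is not code from this page or from the Linux rp2 driver: a userspace C model of the vulnerable sequence beside the fixed one. Struct and function names echo the driver's for readability but are this example's own (rp2_dev, rp2_scenario and the IRQ_* result bits in particular), the firmware image is a constructed four-byte stand-in, and the "MMIO" is a plain array; instead of crashing, the modelled handler reports what the real one would have done.

```c
/* Added example, not code from this page or the Linux rp2 driver: a userspace
 * model of the rp2_probe() ordering bug and of the fix. Names mirror the
 * driver's but are illustrative; errno values stand in for kernel error codes. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define RP2_PORTS     4
#define RP2_CHAN_STAT 0x10           /* offset readl() faulted on in the oops */

/* Bits the modelled handler returns instead of crashing. */
#define IRQ_OK           0
#define IRQ_LOCKDEP_WARN (1 << 0)    /* spin_lock() on a never-initialised lock */
#define IRQ_NULL_DEREF   (1 << 1)    /* readl() through a NULL channel base */
#define IRQ_NO_HANDLER   (1 << 2)    /* nothing registered: interrupt ignored */

struct rp2_channel {
    bool lock_initialised;           /* spin_lock_init() done? */
    uint32_t *base;                  /* channel MMIO base, NULL until set */
};

struct rp2_dev {
    struct rp2_channel ch[RP2_PORTS];
    uint32_t mmio[RP2_PORTS * 64];   /* stands in for the mapped BAR */
    bool irq_live;                   /* devm_request_irq() has been called */
};

/* Constructed stand-in for the rp2.fw image; only its presence matters here. */
static const uint8_t rp2_fw_image[] = { 'R', 'P', '2', 0x01 };

/* What the driver's firmware-load path does on success: ports become usable. */
static void rp2_init_ports(struct rp2_dev *dev)
{
    for (int i = 0; i < RP2_PORTS; i++) {
        dev->ch[i].lock_initialised = true;
        dev->ch[i].base = &dev->mmio[i * 64];
    }
}

/* rp2_uart_interrupt() -> rp2_ch_interrupt(): lock each channel, read status. */
static int rp2_uart_interrupt(struct rp2_dev *dev)
{
    int result = IRQ_OK;
    for (int i = 0; i < RP2_PORTS; i++) {
        struct rp2_channel *ch = &dev->ch[i];
        if (!ch->lock_initialised)
            result |= IRQ_LOCKDEP_WARN;      /* lockdep warns, then carries on */
        if (ch->base == NULL)
            return result | IRQ_NULL_DEREF;  /* oops: nothing after this runs */
        (void)ch->base[RP2_CHAN_STAT / sizeof(uint32_t)];  /* readl(base + 0x10) */
    }
    return result;
}

/* Deferred callback of the vulnerable driver: a missing image just returns,
 * leaving the ports untouched although the handler is already registered. */
static void rp2_fw_cb(struct rp2_dev *dev, const uint8_t *fw)
{
    if (fw == NULL)
        return;
    rp2_init_ports(dev);
}

/* Fixed ordering: synchronous request_firmware(), then init, then the handler. */
static int rp2_probe_fixed(struct rp2_dev *dev, const uint8_t *fw)
{
    if (fw == NULL)
        return -ENOENT;                      /* probe fails; no handler registered */
    rp2_init_ports(dev);
    dev->irq_live = true;
    return 0;
}

/* Probe, optionally let the async callback run, then fire an interrupt. */
int rp2_scenario(bool fixed, bool fw_present, bool irq_before_callback)
{
    struct rp2_dev dev = {0};
    const uint8_t *fw = fw_present ? rp2_fw_image : NULL;

    if (fixed) {
        (void)rp2_probe_fixed(&dev, fw);     /* on -ENOENT the device stays unbound */
    } else {
        dev.irq_live = true;                 /* devm_request_irq() first ... */
        if (!irq_before_callback)            /* ... request_firmware_nowait() later */
            rp2_fw_cb(&dev, fw);
    }
    /* The hardware raises an interrupt. */
    return dev.irq_live ? rp2_uart_interrupt(&dev) : IRQ_NO_HANDLER;
}

int main(void)
{
    printf("vulnerable, firmware missing    : 0x%x\n", rp2_scenario(false, false, false));
    printf("vulnerable, irq before callback : 0x%x\n", rp2_scenario(false, true, true));
    printf("vulnerable, firmware present    : 0x%x\n", rp2_scenario(false, true, false));
    printf("fixed, firmware missing         : 0x%x\n", rp2_scenario(true, false, false));
    printf("fixed, firmware present         : 0x%x\n", rp2_scenario(true, true, false));
    return 0;
}
```

The two vulnerable crash cases both come back as 0x3, the lockdep warning followed by the NULL dereference, which is exactly the two halves of the report above. The second of them is the case the commit message does not spell out: with the image present, an interrupt that lands before the callback has run hits the same uninitialised ports. With the fixed ordering a missing image leaves the device unbound and the interrupt has no handler to reach (0x4), and a present image gives a clean 0x0.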

Potential Impact

For European organizations, as for any others, the impact of CVE-2021-47169 is confined to Linux hosts that actually carry a Comtrol RocketPort EXPRESS/INFINITY card bound to the rp2 driver: multi-port serial hardware found in industrial control, telecommunications, building automation and similar embedded or specialised deployments where many serial lines are aggregated on one host. On such a host the bug is a denial of service: an interrupt arriving while the card's firmware is missing or still loading crashes the kernel, taking down every service on the machine and whatever depends on the serial lines behind it. Ordinary servers, desktops and cloud instances do not have this hardware and are not exposed even if the rp2 module ships with their distribution kernel, because the handler is only registered when rp2_probe runs for a matching PCI device. Virtual machines are affected only if a physical card is passed through to them; the QEMU machine named in the report is the reporter's test environment, not evidence that hypervisors emulate this device. The flaw gives an attacker no memory write primitive and no elevated privilege, so confidentiality and integrity are not directly at risk. No exploitation in the wild is known and no remote trigger exists; the realistic failure mode is operational, a host that crashes at boot or on first serial activity after the firmware image was removed or never installed. Operators with large Linux estates should nonetheless inventory for the card and schedule the kernel update, since an outage on a serial aggregation host in a plant or exchange can be disproportionately disruptive.

Mitigation Recommendations

1. Update to a kernel that carries the fix for CVE-2021-47169 (the rp2 driver loading its firmware synchronously with request_firmware instead of request_firmware_nowait). Distribution kernels that backported the stable patch are sufficient; check the distribution's security tracker for this CVE.
2. Find exposed hosts. The rp2 module is only loaded and bound when a RocketPort card is present, so look for it in lsmod output or for devices under /sys/bus/pci/drivers/rp2/, and cross-check hardware inventories for Comtrol RocketPort EXPRESS/INFINITY cards. Prioritise those hosts.
3. Make sure the firmware image the driver requests (rp2.fw) is actually installed on every such host. A missing image is what the report triggers on; on an unpatched kernel its presence shrinks the exposure to the short interval between probe and the firmware callback.
4. Where the kernel cannot be updated and the serial ports are not needed, blacklist the rp2 module so the driver never binds and never registers its interrupt handler.
5. Monitor kernel logs for "BUG: unable to handle kernel NULL pointer dereference" with rp2_uart_interrupt or rp2_asic_interrupt in the call trace and, on debug kernels, for the lockdep message "trying to register non-static key" from rp2_ch_interrupt; these are the signatures of this bug being hit.
6. For appliances or embedded devices running vendor-built kernels, ask the vendor for a build that includes the patch.
7. Test the kernel update on a staging host fitted with the same card before rolling it out to production, especially in plant or exchange environments.
8. Keep backups and a recovery procedure ready, since the failure mode is a hard crash of the host.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-03-25T09:12:14.111Z
CISA Enriched: true
CVSS Version: none (no CVSS score published)
State: PUBLISHED

Threat ID: 682d9835c4522896dcbe9f4d

Added to database: 5/21/2025, 9:09:09 AM

Last enriched: 6/26/2025, 6:21:38 PM

Last updated: 8/4/2025, 12:42:31 PM

