CVE-2021-47217: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails

Check for a valid hv_vp_index array prior to dereferencing hv_vp_index when setting Hyper-V's TSC change callback. If Hyper-V setup failed in hyperv_init(), the kernel will still report that it's running under Hyper-V, but will have silently disabled nearly all functionality.

  BUG: kernel NULL pointer dereference, address: 0000000000000010
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: 0000 [#1] SMP
  CPU: 4 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc2+ #75
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
  RIP: 0010:set_hv_tscchange_cb+0x15/0xa0
  Code: <8b> 04 82 8b 15 12 17 85 01 48 c1 e0 20 48 0d ee 00 01 00 f6 c6 08 ...
  Call Trace:
   kvm_arch_init+0x17c/0x280
   kvm_init+0x31/0x330
   vmx_init+0xba/0x13a
   do_one_initcall+0x41/0x1c0
   kernel_init_freeable+0x1f2/0x23b
   kernel_init+0x16/0x120
   ret_from_fork+0x22/0x30
AI Analysis
Technical Summary
CVE-2021-47217 is a vulnerability in the x86 Hyper-V integration code of the Linux kernel. The flaw is in set_hv_tscchange_cb(), which sets the callback for Time Stamp Counter (TSC) change notifications in Hyper-V environments. The function dereferences the hv_vp_index array without first checking that it is valid. If Hyper-V setup fails in hyperv_init(), the kernel still reports that it is running under Hyper-V but silently disables most Hyper-V functionality. When set_hv_tscchange_cb() then accesses hv_vp_index, it dereferences a NULL pointer, producing a kernel oops (BUG) with a fault at address 0x10. The crash occurs early in kernel initialization, as the call trace through kvm_arch_init, kvm_init and vmx_init shows.

The result is a denial of service (DoS): the kernel crashes, potentially preventing the system from booting or operating correctly under certain virtualization configurations. The issue was reported on Linux kernel version 5.15.0-rc2+ and affects systems running Linux as a guest or host in Hyper-V virtualized environments on x86 architectures. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The root cause is the missing check that hv_vp_index is valid before it is used when Hyper-V setup has failed.
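The failure mode and the missing check can be reproduced in a userspace model. This is an added example, not the kernel's code or the upstream patch: model_hyperv_init(), unchecked_read_addr() and set_tsc_cb_target() are hypothetical names, and the 4-byte entry size is an assumption that matches the oops above (CPU 4, fault address 0x10).

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; the variable name mirrors the advisory. */
static uint32_t *hv_vp_index;   /* per-CPU index array, NULL until setup succeeds */

/* Model of hyperv_init(): when setup fails the array is never allocated. */
static int model_hyperv_init(unsigned int ncpus, int setup_fails)
{
    free(hv_vp_index);
    hv_vp_index = NULL;
    if (setup_fails)
        return -ENOMEM;         /* constructed failure reason */
    hv_vp_index = calloc(ncpus, sizeof(*hv_vp_index));
    if (!hv_vp_index)
        return -ENOMEM;
    for (unsigned int i = 0; i < ncpus; i++)
        hv_vp_index[i] = i;     /* constructed 1:1 CPU-to-VP mapping */
    return 0;
}

/* Address an unchecked hv_vp_index[cpu] would read (computed, never dereferenced). */
static uintptr_t unchecked_read_addr(unsigned int cpu)
{
    return (uintptr_t)hv_vp_index + (uintptr_t)cpu * sizeof(*hv_vp_index);
}

/* Checked lookup: refuse to index the array if setup never populated it. */
static int set_tsc_cb_target(unsigned int cpu, uint32_t *target_vp)
{
    if (!hv_vp_index)
        return -ENODEV;
    *target_vp = hv_vp_index[cpu];
    return 0;
}

int main(void)
{
    uint32_t vp = 0;
    model_hyperv_init(8, 1);    /* setup fails, array stays NULL */
    int rc = set_tsc_cb_target(4, &vp);
    printf("unchecked read would hit 0x%llx; checked rc=%d\n",
           (unsigned long long)unchecked_read_addr(4), rc);
    model_hyperv_init(8, 0);    /* setup succeeds */
    rc = set_tsc_cb_target(4, &vp);
    printf("after successful setup: rc=%d vp=%u\n", rc, vp);
    return 0;
}
```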
Potential Impact
For European organizations, the impact of CVE-2021-47217 primarily manifests as a potential denial of service condition on Linux systems running on x86 hardware with Hyper-V virtualization enabled or emulated. Organizations relying on Linux virtual machines hosted on Microsoft Hyper-V infrastructure or running Linux kernels with Hyper-V support enabled could experience unexpected kernel crashes during system startup or operation, leading to service interruptions. This could affect cloud service providers, data centers, and enterprises using Hyper-V for virtualization, especially those running critical workloads on Linux guests. The vulnerability does not appear to allow privilege escalation or remote code execution directly but can cause system instability and downtime, impacting availability. Given the widespread use of Linux in European government, financial, and industrial sectors, any disruption in virtualized environments could have cascading effects on business continuity and operational resilience. Additionally, organizations using QEMU/KVM virtualization with Hyper-V paravirtualization features enabled might also be affected. Although no active exploitation is reported, the vulnerability's presence in kernel initialization means that unpatched systems could face boot failures or kernel panics, necessitating rapid patch deployment to maintain service reliability.
Mitigation Recommendations
To mitigate CVE-2021-47217, European organizations should:
1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available from trusted sources or Linux distribution vendors.
2) For environments using Hyper-V virtualization, verify that the Linux kernel versions deployed have the fix for this NULL pointer dereference.
3) Temporarily disable Hyper-V paravirtualization features in Linux guests if patching is not immediately feasible, to avoid triggering the vulnerable code path.
4) Implement robust monitoring of kernel logs and system stability metrics to detect early signs of kernel oops or crashes related to Hyper-V initialization.
5) Test kernel upgrades in staging environments that replicate Hyper-V virtualization setups to ensure compatibility and stability before production rollout.
6) Maintain updated backups and recovery plans to minimize downtime in case of kernel crashes.
7) Collaborate with virtualization platform vendors to ensure coordinated patching and configuration management.
These steps go beyond generic advice by focusing on virtualization-specific configurations and proactive monitoring tailored to the nature of this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-04-10T18:59:19.528Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9835c4522896dcbea0b7
Added to database: 5/21/2025, 9:09:09 AM
Last enriched: 6/26/2025, 4:35:46 PM
Last updated: 8/1/2025, 7:19:29 PM