CVE-2021-47414: Vulnerability in the Linux kernel (vendor: Linux)
In the Linux kernel, the following vulnerability has been resolved:

riscv: Flush current cpu icache before other cpus

On SiFive Unmatched, I recently fell onto the following BUG when booting:

[    0.000000] ftrace: allocating 36610 entries in 144 pages
[    0.000000] Oops - illegal instruction [#1]
[    0.000000] Modules linked in:
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.13.1+ #5
[    0.000000] Hardware name: SiFive HiFive Unmatched A00 (DT)
[    0.000000] epc : riscv_cpuid_to_hartid_mask+0x6/0xae
[    0.000000]  ra : __sbi_rfence_v02+0xc8/0x10a
[    0.000000] epc : ffffffff80007240 ra : ffffffff80009964 sp : ffffffff81803e10
[    0.000000]  gp : ffffffff81a1ea70 tp : ffffffff8180f500 t0 : ffffffe07fe30000
[    0.000000]  t1 : 0000000000000004 t2 : 0000000000000000 s0 : ffffffff81803e60
[    0.000000]  s1 : 0000000000000000 a0 : ffffffff81a22238 a1 : ffffffff81803e10
[    0.000000]  a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000
[    0.000000]  a5 : 0000000000000000 a6 : ffffffff8000989c a7 : 0000000052464e43
[    0.000000]  s2 : ffffffff81a220c8 s3 : 0000000000000000 s4 : 0000000000000000
[    0.000000]  s5 : 0000000000000000 s6 : 0000000200000100 s7 : 0000000000000001
[    0.000000]  s8 : ffffffe07fe04040 s9 : ffffffff81a22c80 s10: 0000000000001000
[    0.000000]  s11: 0000000000000004 t3 : 0000000000000001 t4 : 0000000000000008
[    0.000000]  t5 : ffffffcf04000808 t6 : ffffffe3ffddf188
[    0.000000] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000002
[    0.000000] [<ffffffff80007240>] riscv_cpuid_to_hartid_mask+0x6/0xae
[    0.000000] [<ffffffff80009474>] sbi_remote_fence_i+0x1e/0x26
[    0.000000] [<ffffffff8000b8f4>] flush_icache_all+0x12/0x1a
[    0.000000] [<ffffffff8000666c>] patch_text_nosync+0x26/0x32
[    0.000000] [<ffffffff8000884e>] ftrace_init_nop+0x52/0x8c
[    0.000000] [<ffffffff800f051e>] ftrace_process_locs.isra.0+0x29c/0x360
[    0.000000] [<ffffffff80a0e3c6>] ftrace_init+0x80/0x130
[    0.000000] [<ffffffff80a00f8c>] start_kernel+0x5c4/0x8f6
[    0.000000] ---[ end trace f67eb9af4d8d492b ]---
[    0.000000] Kernel panic - not syncing: Attempted to kill the idle task!
[    0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---

While ftrace is looping over a list of addresses to patch, it always failed when patching the same function: riscv_cpuid_to_hartid_mask. Looking at the backtrace, the illegal instruction is encountered in this same function. However, patch_text_nosync, after patching the instructions, calls flush_icache_range. But looking at what happens in this function:

flush_icache_range -> flush_icache_all -> sbi_remote_fence_i -> __sbi_rfence_v02 -> riscv_cpuid_to_hartid_mask

The icache and dcache of the current cpu are never synchronized between the patching of riscv_cpuid_to_hartid_mask and calling this same function. So fix this by flushing the current cpu's icache before asking for the other cpus to do the same.
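The ordering problem the commit describes, as an added host-side model in C (not the kernel's code): each hart has a private icache that only a local fence.i resynchronizes, and the SBI remote-fence helper runs riscv_cpuid_to_hartid_mask on the requesting hart before fencing the others. The opcode values, the hart count and the rule that a stale fetch decodes as an illegal instruction are constructed assumptions for the model.

```c
#include <stdbool.h>
/* Constructed opcode values; a stale or partial fetch is modelled as ILLEGAL. */
enum { ILLEGAL = 0, CALL_MCOUNT = 1, NOP_PAIR = 2, NR_HARTS = 4 };
static unsigned text_mem;          /* riscv_cpuid_to_hartid_mask in memory */
static unsigned icache[NR_HARTS];  /* each hart's privately cached copy */
static int cur;                    /* hart doing the patching */
/* fence.i on the current hart only: resync its icache with memory. */
static void local_flush_icache_all(void) { icache[cur] = text_mem; }

/* A fetch through a stale icache sees a mix of old and new bytes, which
 * the model decodes as the illegal instruction from the Oops. */
static unsigned fetch(int h) { return icache[h] == text_mem ? icache[h] : ILLEGAL; }

/* __sbi_rfence_v02 first runs riscv_cpuid_to_hartid_mask on the current
 * hart to build the hart mask, and only then asks SBI to fence every hart. */
static bool sbi_remote_fence_i(void)
{
    if (fetch(cur) == ILLEGAL)
        return false;              /* Oops - illegal instruction, kernel panic */
    for (int h = 0; h < NR_HARTS; h++)
        icache[h] = text_mem;
    return true;
}

/* ftrace_init_nop at boot: every hart is coherent, then hart 0 patches. */
static void boot_and_patch(void)
{
    cur = 0;
    for (int h = 0; h < NR_HARTS; h++)
        icache[h] = CALL_MCOUNT;
    text_mem = NOP_PAIR;           /* patch_text_nosync writes the nops */
}

bool all_harts_coherent(void)
{
    for (int h = 0; h < NR_HARTS; h++) if (icache[h] != text_mem) return false;
    return true;
}

bool flush_icache_all_buggy(void)  /* unfixed: remote fence with a stale local icache */
{
    boot_and_patch();
    return sbi_remote_fence_i();
}

bool flush_icache_all_fixed(void)  /* the commit's order: local fence.i first */
{
    boot_and_patch();
    local_flush_icache_all();
    return sbi_remote_fence_i();
}
```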
AI Analysis
Technical Summary
CVE-2021-47414 is a vulnerability in the Linux kernel's RISC-V architecture support. It is triggered during kernel text patching: at boot, ftrace_init (called from start_kernel) walks the list of call sites to patch, and patching the function riscv_cpuid_to_hartid_mask fails every time with an illegal instruction exception that ends in a kernel panic. The root cause is that the current CPU's instruction cache (icache) is never synchronized with the freshly patched text before the other CPUs are asked to flush theirs. patch_text_nosync modifies the instructions and calls flush_icache_range, which cascades to flush_icache_all, sbi_remote_fence_i and __sbi_rfence_v02; that last helper calls riscv_cpuid_to_hartid_mask on the current CPU to build the hart mask. Because the current CPU's icache and data cache have not been synchronized since that function was patched, the CPU fetches stale or partially updated instructions for the very function it just modified, takes an illegal instruction fault, and the kernel panics ("Attempted to kill the idle task!"), halting the system. The fix explicitly flushes the current CPU's icache before triggering the remote CPU cache flushes, so the code that requests the remote fence is already coherent when it runs. The vulnerability applies to Linux kernel versions containing the affected commit (fab957c11efe2f405e08b9f0d080524bc2631428) and impacts systems running on the SiFive HiFive Unmatched and potentially other RISC-V hardware platforms using the affected kernel versions. There are no known exploits in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2021-47414 is limited to systems running Linux on RISC-V hardware, such as the SiFive HiFive Unmatched platform. While RISC-V adoption in Europe is currently limited compared to x86 and ARM, the vulnerability could affect research institutions, embedded systems developers, and companies experimenting with or deploying RISC-V based solutions. It leads to kernel panics and system crashes, i.e. a denial of service (DoS); in the reported case the panic occurs while the kernel is still booting, so an affected system may fail to come up at all. In critical infrastructure or industrial control systems using RISC-V Linux kernels, this could disrupt operations and lead to downtime. In addition, the inability to patch kernel functions safely hinders debugging and kernel tracing, impacting system stability and maintenance. No direct path to privilege escalation or data compromise is indicated, but the loss of availability can be significant in production environments. Organizations relying on RISC-V Linux systems should be aware of this flaw to avoid unexpected system failures.
Mitigation Recommendations
To mitigate CVE-2021-47414, European organizations should:
1) Update the Linux kernel to a version that includes the fix for this vulnerability, ensuring the patch that flushes the current CPU's icache before remote CPU cache flushes is applied.
2) For systems where immediate kernel updates are not feasible, avoid enabling or using ftrace or other kernel tracing features that trigger function patching on affected RISC-V platforms. Note that the reported crash happens in ftrace_init during boot, so on a kernel built with dynamic ftrace this means building the kernel without it rather than merely not using tracing at runtime.
3) Conduct thorough testing of kernel updates in controlled environments to verify stability and the absence of illegal instruction faults.
4) Monitor kernel logs for illegal instruction exceptions or kernel panics whose traces mention riscv_cpuid_to_hartid_mask or ftrace.
5) Engage with hardware vendors and Linux distribution maintainers to obtain timely patches and guidance specific to RISC-V hardware.
6) For embedded or industrial deployments, implement redundancy and failover mechanisms to minimize downtime caused by potential kernel panics.
7) Maintain an inventory of RISC-V Linux systems to prioritize patching and risk assessment.
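A detector for recommendation 4, added here as an example (not the advisory's own tooling): it scans kernel log lines for an illegal-instruction Oops whose report, up to its "end trace" marker, mentions riscv_cpuid_to_hartid_mask or ftrace. The dmesg excerpt is constructed from the lines in the advisory, and the second, unrelated Oops (with made-up addresses) is there to show that it is not flagged.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed dmesg excerpt (not a real capture): one Oops shaped like the one
 * in the advisory, followed by an unrelated one that must not be flagged. */
static const char *const sample_log[] = {
    "[    0.000000] ftrace: allocating 36610 entries in 144 pages",
    "[    0.000000] Oops - illegal instruction [#1]",
    "[    0.000000] epc : riscv_cpuid_to_hartid_mask+0x6/0xae",
    "[    0.000000] [<ffffffff80007240>] riscv_cpuid_to_hartid_mask+0x6/0xae",
    "[    0.000000] [<ffffffff8000884e>] ftrace_init_nop+0x52/0x8c",
    "[    0.000000] ---[ end trace f67eb9af4d8d492b ]---",
    "[    0.000000] Kernel panic - not syncing: Attempted to kill the idle task!",
    "[   12.345678] Oops - illegal instruction [#2]",
    "[   12.345678] [<ffffffff80123456>] unrelated_driver_fn+0x10/0x20",
    "[   12.345678] ---[ end trace 000000000000abcd ]---",
};

/* Counts illegal-instruction Oopses whose report, up to its "end trace"
 * marker, mentions riscv_cpuid_to_hartid_mask or ftrace. */
int count_matching_oops(const char *const *lines, int n)
{
    bool in_oops = false, suspicious = false;
    int hits = 0;
    for (int i = 0; i < n; i++) {
        const char *l = lines[i];
        if (strstr(l, "Oops - illegal instruction")) {   /* report starts */
            in_oops = true;
            suspicious = false;
            continue;
        }
        if (!in_oops)
            continue;
        if (strstr(l, "riscv_cpuid_to_hartid_mask") || strstr(l, "ftrace"))
            suspicious = true;
        if (strstr(l, "---[ end trace")) {               /* report ends */
            if (suspicious)
                hits++;
            in_oops = false;
        }
    }
    return hits;
}

int sample_log_hits(void)
{
    return count_matching_oops(sample_log, sizeof sample_log / sizeof *sample_log);
}
```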
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-21T14:58:30.818Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe908f
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 12:40:35 PM
Last updated: 7/30/2025, 2:41:44 AM