CVE-2021-47440: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing register: general protection fault in encx24j600_spi_probe KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097] CPU: 0 PID: 286 Comm: spi-encx24j600- Not tainted 5.15.0-rc2-00142-g9978db750e31-dirty #11 9c53a778c1306b1b02359f3c2bbedc0222cba652 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:regcache_cache_bypass drivers/base/regmap/regcache.c:540 Code: 54 41 89 f4 55 53 48 89 fb 48 83 ec 08 e8 26 94 a8 fe 48 8d bb a0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4a 03 00 00 4c 8d ab b0 00 00 00 48 8b ab a0 00 RSP: 0018:ffffc900010476b8 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: 0000000000000000 RDX: 0000000000000012 RSI: ffff888002de0000 RDI: 0000000000000094 RBP: ffff888013c9a000 R08: 0000000000000000 R09: fffffbfff3f9cc6a R10: ffffc900010476e8 R11: fffffbfff3f9cc69 R12: 0000000000000001 R13: 000000000000000a R14: ffff888013c9af54 R15: ffff888013c9ad08 FS: 00007ffa984ab580(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055a6384136c8 CR3: 000000003bbe6003 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: encx24j600_spi_probe drivers/net/ethernet/microchip/encx24j600.c:459 spi_probe drivers/spi/spi.c:397 really_probe drivers/base/dd.c:517 __driver_probe_device drivers/base/dd.c:751 driver_probe_device drivers/base/dd.c:782 __device_attach_driver drivers/base/dd.c:899 bus_for_each_drv drivers/base/bus.c:427 __device_attach drivers/base/dd.c:971 bus_probe_device drivers/base/bus.c:487 device_add drivers/base/core.c:3364 __spi_add_device drivers/spi/spi.c:599 spi_add_device drivers/spi/spi.c:641 spi_new_device drivers/spi/spi.c:717 new_device_store+0x18c/0x1f1 [spi_stub 4e02719357f1ff33f5a43d00630982840568e85e] dev_attr_store drivers/base/core.c:2074 sysfs_kf_write fs/sysfs/file.c:139 kernfs_fop_write_iter fs/kernfs/file.c:300 new_sync_write fs/read_write.c:508 (discriminator 4) vfs_write fs/read_write.c:594 ksys_write fs/read_write.c:648 do_syscall_64 arch/x86/entry/common.c:50 entry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:113 Add error check in devm_regmap_init_encx24j600 to avoid this situation.
AI Analysis
Technical Summary
CVE-2021-47440 is a vulnerability identified in the Linux kernel specifically within the encx24j600 network driver, which handles the Microchip ENC28J60 family of SPI Ethernet controllers. The root cause of the vulnerability lies in the function devm_regmap_init_encx24j600, which initializes a register map for the device. This function can return an error, for example due to an out-of-memory condition, but the error return value was not properly checked. As a result, subsequent code attempts to dereference a null pointer when reading or writing device registers, leading to a general protection fault and kernel crash. The issue manifests as a null pointer dereference (CWE-476) during the SPI probe phase of the encx24j600 driver, causing a kernel panic or system crash. The vulnerability was identified and fixed by adding proper error checking in devm_regmap_init_encx24j600 to prevent null pointer dereference. The affected Linux kernel versions include those around the 5.15.0-rc2 release candidate, and the problem is triggered during device initialization of the SPI Ethernet controller. Exploitation requires local privileges with high-level permissions (PR:H) and does not require user interaction. The CVSS v3.1 base score is 2.3, indicating low severity, primarily because the impact is limited to availability (denial of service) without affecting confidentiality or integrity. There are no known exploits in the wild, and the vulnerability does not allow remote code execution or privilege escalation. The vulnerability is technical and specific to systems using the encx24j600 SPI Ethernet driver, which is a niche hardware component used in embedded or specialized Linux environments.
Potential Impact
For European organizations, the impact of CVE-2021-47440 is generally limited due to the low severity and specific hardware dependency. The vulnerability causes a denial of service by crashing the Linux kernel when the encx24j600 SPI Ethernet controller is initialized and the error is not handled properly. This could lead to system instability or downtime on affected embedded devices or specialized network equipment using this driver. However, the encx24j600 hardware is not widely deployed in mainstream enterprise servers or desktops, so the scope of impact is narrow. Organizations relying on embedded Linux systems in industrial control, IoT, or networking appliances that use this specific Ethernet controller could experience service interruptions or require system reboots. Since exploitation requires local high privileges, attackers would need to have already compromised the system or have administrative access, limiting the threat to insider attacks or chained exploits. Confidentiality and integrity of data are not impacted. Overall, the threat is primarily a stability and availability concern for niche embedded Linux deployments within European organizations.
Mitigation Recommendations
To mitigate CVE-2021-47440, organizations should ensure that Linux kernel versions are updated to include the patch that adds error checking in devm_regmap_init_encx24j600. Specifically: 1. Upgrade to a Linux kernel version released after the fix was applied (post 5.15.0-rc2) or apply the vendor-provided patch if using custom kernels. 2. Audit embedded devices and network appliances to identify those using the encx24j600 SPI Ethernet controller and verify kernel versions. 3. For devices where kernel upgrades are not immediately feasible, consider disabling or blacklisting the encx24j600 driver if the hardware is not in use. 4. Implement strict access controls to limit local administrative privileges, reducing the risk of exploitation by unauthorized users. 5. Monitor system logs for kernel panics or general protection faults related to encx24j600_spi_probe as indicators of attempted exploitation or instability. 6. Engage with hardware vendors to confirm firmware and driver updates are available and applied. These steps go beyond generic advice by focusing on the specific driver and hardware affected, emphasizing kernel patching, device inventory, and privilege management.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
CVE-2021-47440: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing register: general protection fault in encx24j600_spi_probe KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097] CPU: 0 PID: 286 Comm: spi-encx24j600- Not tainted 5.15.0-rc2-00142-g9978db750e31-dirty #11 9c53a778c1306b1b02359f3c2bbedc0222cba652 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:regcache_cache_bypass drivers/base/regmap/regcache.c:540 Code: 54 41 89 f4 55 53 48 89 fb 48 83 ec 08 e8 26 94 a8 fe 48 8d bb a0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4a 03 00 00 4c 8d ab b0 00 00 00 48 8b ab a0 00 RSP: 0018:ffffc900010476b8 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: 0000000000000000 RDX: 0000000000000012 RSI: ffff888002de0000 RDI: 0000000000000094 RBP: ffff888013c9a000 R08: 0000000000000000 R09: fffffbfff3f9cc6a R10: ffffc900010476e8 R11: fffffbfff3f9cc69 R12: 0000000000000001 R13: 000000000000000a R14: ffff888013c9af54 R15: ffff888013c9ad08 FS: 00007ffa984ab580(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055a6384136c8 CR3: 000000003bbe6003 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: encx24j600_spi_probe drivers/net/ethernet/microchip/encx24j600.c:459 spi_probe drivers/spi/spi.c:397 really_probe drivers/base/dd.c:517 __driver_probe_device drivers/base/dd.c:751 driver_probe_device drivers/base/dd.c:782 __device_attach_driver drivers/base/dd.c:899 bus_for_each_drv drivers/base/bus.c:427 __device_attach drivers/base/dd.c:971 bus_probe_device drivers/base/bus.c:487 device_add drivers/base/core.c:3364 __spi_add_device drivers/spi/spi.c:599 spi_add_device drivers/spi/spi.c:641 spi_new_device drivers/spi/spi.c:717 new_device_store+0x18c/0x1f1 [spi_stub 4e02719357f1ff33f5a43d00630982840568e85e] dev_attr_store drivers/base/core.c:2074 sysfs_kf_write fs/sysfs/file.c:139 kernfs_fop_write_iter fs/kernfs/file.c:300 new_sync_write fs/read_write.c:508 (discriminator 4) vfs_write fs/read_write.c:594 ksys_write fs/read_write.c:648 do_syscall_64 arch/x86/entry/common.c:50 entry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:113 Add error check in devm_regmap_init_encx24j600 to avoid this situation.
AI-Powered Analysis
Technical Analysis
CVE-2021-47440 is a vulnerability identified in the Linux kernel specifically within the encx24j600 network driver, which handles the Microchip ENC28J60 family of SPI Ethernet controllers. The root cause of the vulnerability lies in the function devm_regmap_init_encx24j600, which initializes a register map for the device. This function can return an error, for example due to an out-of-memory condition, but the error return value was not properly checked. As a result, subsequent code attempts to dereference a null pointer when reading or writing device registers, leading to a general protection fault and kernel crash. The issue manifests as a null pointer dereference (CWE-476) during the SPI probe phase of the encx24j600 driver, causing a kernel panic or system crash. The vulnerability was identified and fixed by adding proper error checking in devm_regmap_init_encx24j600 to prevent null pointer dereference. The affected Linux kernel versions include those around the 5.15.0-rc2 release candidate, and the problem is triggered during device initialization of the SPI Ethernet controller. Exploitation requires local privileges with high-level permissions (PR:H) and does not require user interaction. The CVSS v3.1 base score is 2.3, indicating low severity, primarily because the impact is limited to availability (denial of service) without affecting confidentiality or integrity. There are no known exploits in the wild, and the vulnerability does not allow remote code execution or privilege escalation. The vulnerability is technical and specific to systems using the encx24j600 SPI Ethernet driver, which is a niche hardware component used in embedded or specialized Linux environments.
Potential Impact
For European organizations, the impact of CVE-2021-47440 is generally limited due to the low severity and specific hardware dependency. The vulnerability causes a denial of service by crashing the Linux kernel when the encx24j600 SPI Ethernet controller is initialized and the error is not handled properly. This could lead to system instability or downtime on affected embedded devices or specialized network equipment using this driver. However, the encx24j600 hardware is not widely deployed in mainstream enterprise servers or desktops, so the scope of impact is narrow. Organizations relying on embedded Linux systems in industrial control, IoT, or networking appliances that use this specific Ethernet controller could experience service interruptions or require system reboots. Since exploitation requires local high privileges, attackers would need to have already compromised the system or have administrative access, limiting the threat to insider attacks or chained exploits. Confidentiality and integrity of data are not impacted. Overall, the threat is primarily a stability and availability concern for niche embedded Linux deployments within European organizations.
Mitigation Recommendations
To mitigate CVE-2021-47440, organizations should ensure that Linux kernel versions are updated to include the patch that adds error checking in devm_regmap_init_encx24j600. Specifically: 1. Upgrade to a Linux kernel version released after the fix was applied (post 5.15.0-rc2) or apply the vendor-provided patch if using custom kernels. 2. Audit embedded devices and network appliances to identify those using the encx24j600 SPI Ethernet controller and verify kernel versions. 3. For devices where kernel upgrades are not immediately feasible, consider disabling or blacklisting the encx24j600 driver if the hardware is not in use. 4. Implement strict access controls to limit local administrative privileges, reducing the risk of exploitation by unauthorized users. 5. Monitor system logs for kernel panics or general protection faults related to encx24j600_spi_probe as indicators of attempted exploitation or instability. 6. Engage with hardware vendors to confirm firmware and driver updates are available and applied. These steps go beyond generic advice by focusing on the specific driver and hardware affected, emphasizing kernel patching, device inventory, and privilege management.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-21T14:58:30.831Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9833c4522896dcbe9154
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 1:11:12 PM
Last updated: 7/21/2025, 6:19:06 AM
Views: 3
Related Threats
CVE-2025-8168: Buffer Overflow in D-Link DIR-513
HighCVE-2025-8167: Cross Site Scripting in code-projects Church Donation System
MediumCVE-2025-46198: n/a
HighCVE-2025-8197: Out-of-bounds Write in Red Hat Red Hat Enterprise Linux 10
MediumCVE-2025-30135: n/a
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.