CVE-2021-47497: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic

    *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);

will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we subtract one from that making a large number that is then shifted more than the number of bits that fit into an unsigned long.

UBSAN reports this problem:

    UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8
    shift exponent 64 is too large for 64-bit type 'unsigned long'
    CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9
    Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
    Workqueue: events_unbound deferred_probe_work_func
    Call trace:
     dump_backtrace+0x0/0x170
     show_stack+0x24/0x30
     dump_stack_lvl+0x64/0x7c
     dump_stack+0x18/0x38
     ubsan_epilogue+0x10/0x54
     __ubsan_handle_shift_out_of_bounds+0x180/0x194
     __nvmem_cell_read+0x1ec/0x21c
     nvmem_cell_read+0x58/0x94
     nvmem_cell_read_variable_common+0x4c/0xb0
     nvmem_cell_read_variable_le_u32+0x40/0x100
     a6xx_gpu_init+0x170/0x2f4
     adreno_bind+0x174/0x284
     component_bind_all+0xf0/0x264
     msm_drm_bind+0x1d8/0x7a0
     try_to_bring_up_master+0x164/0x1ac
     __component_add+0xbc/0x13c
     component_add+0x20/0x2c
     dp_display_probe+0x340/0x384
     platform_probe+0xc0/0x100
     really_probe+0x110/0x304
     __driver_probe_device+0xb8/0x120
     driver_probe_device+0x4c/0xfc
     __device_attach_driver+0xb0/0x128
     bus_for_each_drv+0x90/0xdc
     __device_attach+0xc8/0x174
     device_initial_probe+0x20/0x2c
     bus_probe_device+0x40/0xa4
     deferred_probe_work_func+0x7c/0xb8
     process_one_work+0x128/0x21c
     process_scheduled_works+0x40/0x54
     worker_thread+0x1ec/0x2a8
     kthread+0x138/0x158
     ret_from_fork+0x10/0x20

Fix it by making sure there are any bits to mask out.
AI Analysis
Technical Summary
CVE-2021-47497 is a vulnerability in the Linux kernel's nvmem subsystem, caused by improper handling of bit shifts in the nvmem cell read logic. The issue arises when a cell's 'nbits' value is a multiple of BITS_PER_BYTE (typically 8 bits). In such cases, the expression used to mask bits, '*p &= GENMASK((cell->nbits % BITS_PER_BYTE) - 1, 0);', results in undefined behavior due to a shift operation with an out-of-bounds shift count. Specifically, when 'nbits % BITS_PER_BYTE' equals zero, subtracting one leads to a large unsigned integer used as a shift count, which exceeds the size of the unsigned long type. This triggers a shift-out-of-bounds error detected by the Undefined Behavior Sanitizer (UBSAN), potentially causing kernel crashes or unpredictable behavior.

The vulnerability is located in drivers/nvmem/core.c and affects the function __nvmem_cell_read and related calls during device initialization and probing, as evidenced by the provided kernel stack trace. The root cause is a missing check to ensure that the number of bits to mask is greater than zero before performing the bitwise operation. The fix adds a condition that verifies there are bits to mask out, preventing the invalid shift operation.

Although no known exploits are reported in the wild, the vulnerability could lead to kernel instability or denial of service if triggered. The affected versions correspond to specific Linux kernel commits identified by the hash 69aba7948cbe53f2f1827e84e9dd0ae470a5072e, indicating that this issue was present in certain kernel releases prior to the patch. No CVSS score has been assigned to this vulnerability yet.
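The masking arithmetic described above, as an added user-space example (not the kernel's code or its patch): it computes the shift exponent the unguarded statement would use for a given cell width, without ever executing that shift, and applies the guarded mask. The helper names, the 64-bit BITS_PER_LONG, and the modelling of GENMASK(h, 0) as a right shift of all-ones by BITS_PER_LONG - 1 - h are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_BYTE 8
#define BITS_PER_LONG 64 /* assumption: 64-bit target, as in the UBSAN report */

/* Right-shift exponent of a GENMASK(h, 0)-style mask: ~0UL >> (BITS_PER_LONG - 1 - h). */
static int genmask_shift_exponent(int h)
{
    return BITS_PER_LONG - 1 - h;
}

/* Low-bit mask covering bits h..0; only valid for 0 <= h < BITS_PER_LONG. */
static uint64_t genmask_low(int h)
{
    return ~UINT64_C(0) >> genmask_shift_exponent(h);
}

/* Exponent the unguarded statement would shift by for a cell of nbits bits.
 * Computed only, never executed, so this program itself stays well defined. */
static int unguarded_exponent(int nbits)
{
    return genmask_shift_exponent((nbits % BITS_PER_BYTE) - 1);
}

/* Guarded form: mask the last byte only when the cell leaves leftover bits. */
static uint8_t mask_last_byte(uint8_t byte, int nbits)
{
    int leftover = nbits % BITS_PER_BYTE;

    if (leftover)
        byte &= (uint8_t)genmask_low(leftover - 1);
    return byte;
}

int main(void)
{
    const int widths[] = { 4, 8, 12, 16, 32 }; /* constructed sample cell widths */

    for (size_t i = 0; i < sizeof(widths) / sizeof(widths[0]); i++) {
        int e = unguarded_exponent(widths[i]);

        printf("nbits=%2d exponent=%2d %-9s guarded(0xff)=0x%02x\n",
               widths[i], e, e >= BITS_PER_LONG ? "UNDEFINED" : "ok",
               mask_last_byte(0xff, widths[i]));
    }
    return 0;
}
```

Byte-multiple widths (8, 16, 32) yield exponent 64, the value in the UBSAN report, while the guarded form leaves the byte untouched for those widths.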
Potential Impact
For European organizations, the impact of CVE-2021-47497 primarily concerns system stability and availability. Since the vulnerability can cause undefined behavior and potential kernel crashes during device probing or initialization, it may lead to denial of service conditions on affected Linux systems. This is particularly relevant for servers, embedded devices, and infrastructure running Linux kernels with the vulnerable nvmem driver code. Organizations relying on Linux-based systems for critical operations, including cloud services, telecommunications, industrial control systems, and IoT deployments, could experience service interruptions or degraded performance. Although there is no evidence of privilege escalation or remote code execution, the instability could be exploited as part of a larger attack chain or cause operational disruptions. The lack of known exploits reduces immediate risk, but the widespread use of Linux in Europe means that unpatched systems remain vulnerable. Additionally, the vulnerability affects kernel-level code, which is fundamental to system operation, increasing the severity of potential disruptions. European organizations with strict uptime requirements or those operating critical infrastructure should prioritize addressing this vulnerability to maintain system reliability and security compliance.
Mitigation Recommendations
To mitigate CVE-2021-47497, European organizations should:

1) Apply the official Linux kernel patches that fix the nvmem bit-shift issue as soon as they become available from trusted sources or Linux distribution vendors.
2) Regularly update Linux kernels to the latest stable versions to incorporate security fixes and improvements.
3) For embedded or specialized systems where kernel updates are challenging, consider backporting the patch or applying vendor-provided firmware updates.
4) Implement rigorous testing of kernel updates in staging environments to ensure compatibility and stability before deployment.
5) Monitor system logs for UBSAN or kernel warnings related to shift-out-of-bounds errors, which may indicate attempts to trigger this vulnerability.
6) Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and secure boot to reduce the attack surface.
7) Maintain comprehensive backup and recovery procedures to minimize downtime in case of kernel crashes.
8) Coordinate with hardware and software vendors to confirm that device drivers interacting with nvmem cells are updated accordingly.

These steps go beyond generic advice by emphasizing proactive patch management, monitoring for specific error signatures, and ensuring compatibility in complex environments.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-22T06:20:56.203Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe92a4
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 1:42:22 PM
Last updated: 8/13/2025, 5:49:42 PM