CVE-2021-47531: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP

In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we switched to a new/cleaner method of doing things. That's good, but we missed a little bit.

Before that commit, we used to _first_ run through the drm_gem_mmap_obj() case where `obj->funcs->mmap()` was NULL. That meant that we ran:

    vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP;
    vma->vm_page_prot = pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
    vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot);

...and _then_ we modified those mappings with our own. Now that `obj->funcs->mmap()` is no longer NULL we don't run the default code.

It looks like the fact that the vm_flags got VM_IO / VM_DONTDUMP was important because we're now getting crashes on Chromebooks that use ARC++ while logging out. Specifically a crash that looks like this (this is on a 5.10 kernel w/ relevant backports but also seen on a 5.15 kernel):

    Unable to handle kernel paging request at virtual address ffffffc008000000
    Mem abort info:
      ESR = 0x96000006
      EC = 0x25: DABT (current EL), IL = 32 bits
      SET = 0, FnV = 0
      EA = 0, S1PTW = 0
    Data abort info:
      ISV = 0, ISS = 0x00000006
      CM = 0, WnR = 0
    swapper pgtable: 4k pages, 39-bit VAs, pgdp=000000008293d000
    [ffffffc008000000] pgd=00000001002b3003, p4d=00000001002b3003, pud=00000001002b3003, pmd=0000000000000000
    Internal error: Oops: 96000006 [#1] PREEMPT SMP
    [...]
    CPU: 7 PID: 15734 Comm: crash_dump64 Tainted: G W 5.10.67 #1
    [...]
    Hardware name: Qualcomm Technologies, Inc. sc7280 IDP SKU2 platform (DT)
    pstate: 80400009 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
    pc : __arch_copy_to_user+0xc0/0x30c
    lr : copyout+0xac/0x14c
    [...]
    Call trace:
      __arch_copy_to_user+0xc0/0x30c
      copy_page_to_iter+0x1a0/0x294
      process_vm_rw_core+0x240/0x408
      process_vm_rw+0x110/0x16c
      __arm64_sys_process_vm_readv+0x30/0x3c
      el0_svc_common+0xf8/0x250
      do_el0_svc+0x30/0x80
      el0_svc+0x10/0x1c
      el0_sync_handler+0x78/0x108
      el0_sync+0x184/0x1c0
    Code: f8408423 f80008c3 910020c6 36100082 (b8404423)

Let's add the two flags back in. While we're at it, the fact that we aren't running the default means that we _don't_ need to clear out VM_PFNMAP, so remove that and save an instruction.

NOTE: it was confirmed that VM_IO was the important flag to fix the problem I was seeing, but adding back VM_DONTDUMP seems like a sane thing to do so I'm doing that too.
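The following is an added userspace model, not code from the kernel or from the commit above: it reproduces the vm_flags the drm/msm mmap path ends up with on the three code paths the commit message describes (before the regression, after it, and with the fix), and models why VM_IO matters to the process_vm_readv() path in the call trace, namely that get_user_pages() refuses VM_IO/VM_PFNMAP areas with -EFAULT. The flag values are those of include/linux/mm.h; the exact shape of the driver's own adjustment (clearing VM_PFNMAP and setting VM_MIXEDMAP) is an assumption of this example.

```c
/* Added example, not kernel or commit code: a userspace model of the vm_flags
 * the drm/msm mmap path produces before the regression, after it, and with the
 * fix. The driver adjustment below is an assumed shape, not quoted driver code. */
#include <stdio.h>
#include <errno.h>

#define VM_PFNMAP     0x00000400UL   /* values as in include/linux/mm.h */
#define VM_IO         0x00004000UL
#define VM_DONTEXPAND 0x00040000UL
#define VM_DONTDUMP   0x04000000UL
#define VM_MIXEDMAP   0x10000000UL

/* drm_gem_mmap_obj() default path, taken only while obj->funcs->mmap was NULL. */
static unsigned long drm_default_mmap_flags(unsigned long f)
{
    return f | VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP;
}

/* Driver adjustment (assumed): pages are inserted one by one, not as a PFN range. */
static unsigned long msm_adjust_flags(unsigned long f)
{
    return (f & ~VM_PFNMAP) | VM_MIXEDMAP | VM_DONTEXPAND;
}

/* After 510410bfc034: obj->funcs->mmap is set, so the default path is skipped
 * and only the driver adjustment runs; VM_IO and VM_DONTDUMP are never set. */
static unsigned long msm_mmap_regressed(unsigned long f)
{
    return msm_adjust_flags(f);
}

/* The fix: add VM_IO and VM_DONTDUMP back; clearing VM_PFNMAP is no longer needed. */
static unsigned long msm_mmap_fixed(unsigned long f)
{
    return f | VM_IO | VM_MIXEDMAP | VM_DONTEXPAND | VM_DONTDUMP;
}

/* Why VM_IO matters: get_user_pages() (check_vma_flags in mm/gup.c) refuses VM_IO
 * or VM_PFNMAP areas with -EFAULT. process_vm_readv, the crash_dump64 path in the
 * oops, goes through GUP, so a VM_IO mapping fails cleanly instead of being copied. */
static int gup_check_vma_flags(unsigned long f)
{
    return (f & (VM_IO | VM_PFNMAP)) ? -EFAULT : 0;
}

int main(void)
{
    printf("regressed: gup=%d, fixed: gup=%d\n",
           gup_check_vma_flags(msm_mmap_regressed(0)),
           gup_check_vma_flags(msm_mmap_fixed(0)));
}
```

Running the pre-regression order (default path, then the driver adjustment) yields the same flag set as the fixed function, which is the point of the patch.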
AI Analysis
Technical Summary
CVE-2021-47531 is a vulnerability in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically within the msm (Qualcomm Snapdragon) driver. The issue is a regression introduced in commit 510410bfc034, which moved the driver's memory mapping (mmap) of GEM (Graphics Execution Manager) objects into a GEM object function. Previously, because obj->funcs->mmap was NULL, the generic drm_gem_mmap_obj() path ran first and set the virtual memory area (VMA) flags VM_IO, VM_PFNMAP, VM_DONTEXPAND and VM_DONTDUMP, after which the driver adjusted the mapping. With the driver now supplying its own mmap function, that default path is skipped and VM_IO and VM_DONTDUMP are never set. This omission leads to kernel crashes on devices such as Chromebooks running ARC++ when a user logs out: the oops in the description is an ARM64 kernel paging failure reached from process_vm_readv() while copying a page to user space, that is, a serious memory access violation. The fix restores VM_IO and VM_DONTDUMP on the VMA; since the default path no longer runs, the patch also drops the now-unnecessary clearing of VM_PFNMAP. This vulnerability is not known to be exploited in the wild and affects Linux kernel versions around 5.10 and 5.15 with the relevant backports. The root cause is a subtle but critical memory management regression in the DRM msm driver, impacting system stability on affected hardware platforms.
Potential Impact
For European organizations, the impact of CVE-2021-47531 primarily concerns systems running Linux kernels with the affected msm DRM driver, particularly on devices using Qualcomm Snapdragon chipsets such as certain Chromebooks and embedded systems. The vulnerability causes kernel crashes leading to denial of service (DoS) conditions, which can disrupt business operations, especially in environments relying on these devices for critical tasks or user access. While this vulnerability does not directly expose data confidentiality or integrity risks, the resulting system instability can cause service interruptions, data loss due to improper shutdowns, and increased operational costs for recovery and troubleshooting. Organizations deploying Linux-based devices in user-facing roles or embedded applications in industrial or IoT contexts may experience degraded reliability. The lack of known exploits reduces immediate risk, but the potential for future exploitation or triggering of crashes by malicious actors or faulty software remains. European enterprises with Chromebook deployments or embedded Linux devices using Qualcomm hardware should prioritize patching to maintain system stability and avoid operational disruptions.
Mitigation Recommendations
1. Apply the official Linux kernel patches that restore the VM_IO and VM_DONTDUMP flags in the drm/msm mmap implementation as soon as they are available for your kernel version.
2. For organizations using Chromebooks or embedded devices with Qualcomm Snapdragon chipsets, ensure firmware and kernel updates include this fix.
3. Monitor kernel updates from your Linux distribution vendors and test patches in controlled environments before wide deployment to avoid regressions.
4. Implement robust system monitoring to detect kernel crashes or abnormal reboots that may indicate this or related issues.
5. Where possible, limit user privileges and restrict access to vulnerable devices to reduce the risk of triggering the vulnerability through untrusted code.
6. Maintain up-to-date backups and incident response plans to quickly recover from potential DoS conditions caused by kernel crashes.
7. Engage with hardware and software vendors to confirm the inclusion of this fix in their supported releases and coordinate timely updates.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-24T15:02:54.826Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe93af
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 2:25:15 PM
Last updated: 7/30/2025, 8:44:47 AM
Views: 21