
CVE-2021-47535: Vulnerability in the Linux kernel

Severity: Medium
Published: Fri May 24 2024 (05/24/2024, 15:09:43 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/a6xx: Allocate enough space for GMU registers

In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for A650") we changed a6xx_get_gmu_registers() to read 3 sets of registers. Unfortunately, we didn't change the memory allocation for the array. That leads to a KASAN warning (this was on the chromeos-5.4 kernel, which has the problematic commit backported to it):

  BUG: KASAN: slab-out-of-bounds in _a6xx_get_gmu_registers+0x144/0x430
  Write of size 8 at addr ffffff80c89432b0 by task A618-worker/209

  CPU: 5 PID: 209 Comm: A618-worker Tainted: G W 5.4.156-lockdep #22
  Hardware name: Google Lazor Limozeen without Touchscreen (rev5 - rev8) (DT)
  Call trace:
   dump_backtrace+0x0/0x248
   show_stack+0x20/0x2c
   dump_stack+0x128/0x1ec
   print_address_description+0x88/0x4a0
   __kasan_report+0xfc/0x120
   kasan_report+0x10/0x18
   __asan_report_store8_noabort+0x1c/0x24
   _a6xx_get_gmu_registers+0x144/0x430
   a6xx_gpu_state_get+0x330/0x25d4
   msm_gpu_crashstate_capture+0xa0/0x84c
   recover_worker+0x328/0x838
   kthread_worker_fn+0x32c/0x574
   kthread+0x2dc/0x39c
   ret_from_fork+0x10/0x18

  Allocated by task 209:
   __kasan_kmalloc+0xfc/0x1c4
   kasan_kmalloc+0xc/0x14
   kmem_cache_alloc_trace+0x1f0/0x2a0
   a6xx_gpu_state_get+0x164/0x25d4
   msm_gpu_crashstate_capture+0xa0/0x84c
   recover_worker+0x328/0x838
   kthread_worker_fn+0x32c/0x574
   kthread+0x2dc/0x39c
   ret_from_fork+0x10/0x18

AI-Powered Analysis

Last updated: 06/30/2025, 14:26:04 UTC

Technical Analysis

CVE-2021-47535 is a vulnerability identified in the Linux kernel, specifically within the Direct Rendering Manager (DRM) subsystem for Qualcomm Adreno 6xx series GPUs (a6xx). The issue arises from improper memory allocation in the function a6xx_get_gmu_registers(), which is responsible for reading GMU (Graphics Management Unit) registers. A recent commit (142639a52a01) intended to enhance the function to read three sets of registers failed to adjust the allocated memory size accordingly. This mismatch leads to a slab-out-of-bounds write detected by Kernel Address Sanitizer (KASAN), indicating a buffer overflow condition. The vulnerability is categorized under CWE-787 (Out-of-bounds Write).

The impact is an out-of-bounds write in kernel space, which can cause a kernel crash (denial of service) or potentially be leveraged for privilege escalation or arbitrary code execution, although no direct evidence of exploitation in the wild exists. The CVSS v3.1 base score is 6.2 (medium severity), reflecting that the attack vector is local (AV:L), requires no privileges (PR:N) and no user interaction (UI:N), and impacts availability (A:H) without affecting confidentiality or integrity.

The vulnerability affects Linux kernel versions containing the problematic commit, including backported versions such as chromeos-5.4. The flaw manifests during GPU crash state capture routines, which are triggered by kernel worker threads, potentially impacting devices using Qualcomm Adreno 6xx GPUs running affected Linux kernels. No official patches are linked in the provided data, but the issue is resolved in later kernel revisions by correcting the memory allocation size to match the number of registers read.

Potential Impact

For European organizations, the primary impact of CVE-2021-47535 is the risk of denial of service on systems running affected Linux kernels with Qualcomm Adreno 6xx GPUs. This could disrupt operations on embedded devices, mobile platforms, or specialized hardware using these GPUs, particularly in sectors relying on Linux-based systems such as telecommunications, automotive, industrial control, and consumer electronics. While the vulnerability does not directly compromise confidentiality or integrity, the kernel crash could cause service interruptions, data loss, or system instability. In environments where uptime and reliability are critical, such as healthcare, manufacturing, or critical infrastructure, this could have significant operational consequences. The lack of known exploits in the wild reduces immediate risk, but the medium severity and local attack vector mean that attackers with local access (e.g., insiders or malware with limited privileges) could trigger the vulnerability. European organizations deploying Linux on devices with these GPUs should be aware of this risk, especially if devices are used in sensitive or high-availability contexts.

Mitigation Recommendations

1. Update Linux kernels to versions where the vulnerability is patched, ensuring the memory allocation in a6xx_get_gmu_registers() matches the number of registers read.
2. For organizations unable to immediately update kernels, consider disabling or limiting GPU crash state capture features if feasible, to reduce the attack surface.
3. Implement strict access controls to limit local user access on affected systems, minimizing the risk of local exploitation.
4. Monitor system logs and kernel messages for KASAN warnings or unusual GPU crash reports that may indicate attempts to trigger the vulnerability.
5. Employ endpoint security solutions capable of detecting anomalous kernel behavior or local privilege escalation attempts.
6. Engage with hardware and Linux distribution vendors for timely patches and advisories specific to affected devices.
7. For embedded or specialized devices, coordinate with OEMs to ensure firmware and kernel updates are applied promptly.
8. Conduct internal audits to identify devices using Qualcomm Adreno 6xx GPUs running vulnerable kernels and prioritize remediation accordingly.
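The log monitoring in item 4 can be automated by parsing KASAN reports out of the kernel log. The following is an added example, not code from the advisory or the kernel tree: it parses the general KASAN report header and call trace (any bug class, read or write), and then filters for the pattern this advisory describes, an out-of-bounds write raised with msm_gpu_crashstate_capture on the stack. The sample log is constructed from the report quoted in the description; its dmesg timestamps are made up.

```python
import re

# Constructed sample, not a capture from the page: the KASAN report quoted in the
# CVE description, re-split into kernel log lines with made-up dmesg timestamps.
SAMPLE_DMESG = """\
[  212.449810] BUG: KASAN: slab-out-of-bounds in _a6xx_get_gmu_registers+0x144/0x430
[  212.449822] Write of size 8 at addr ffffff80c89432b0 by task A618-worker/209
[  212.449840] Call trace:
[  212.449852]  _a6xx_get_gmu_registers+0x144/0x430
[  212.449858]  a6xx_gpu_state_get+0x330/0x25d4
[  212.449864]  msm_gpu_crashstate_capture+0xa0/0x84c
[  212.449870]  recover_worker+0x328/0x838
[  212.449876] Allocated by task 209:
[  212.449882]  __kasan_kmalloc+0xfc/0x1c4
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")                 # dmesg timestamp prefix
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
FRAME_RE = re.compile(r"^\s+(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

def parse_kasan_reports(log: str) -> list[dict]:
    """Split a kernel log into KASAN reports: bug class, function, access, task, fault trace."""
    reports: list[dict] = []
    cur, in_trace = None, False
    for raw in log.splitlines():
        line = TS_RE.sub("", raw)
        if m := BUG_RE.search(line):               # header starts a new report
            cur = {"kind": m["kind"], "func": m["func"], "frames": []}
            reports.append(cur)
            in_trace = False
        elif cur is None:
            continue
        elif m := ACCESS_RE.search(line):
            cur.update(op=m["op"], size=int(m["size"]), addr=m["addr"],
                       task=m["task"], pid=int(m["pid"]))
        elif line.startswith("Call trace:"):
            in_trace = True
        elif in_trace:
            if m := FRAME_RE.match(line):
                cur["frames"].append(m["sym"])
            else:
                in_trace = False   # "Allocated by task ..." ends the fault trace
    return reports

def gpu_crashstate_oob_writes(log: str) -> list[dict]:
    """Reports matching this advisory: an OOB write with the msm crash-state capture on the stack."""
    return [r for r in parse_kasan_reports(log) if r["kind"].endswith("out-of-bounds")
            and r.get("op") == "Write" and "msm_gpu_crashstate_capture" in r["frames"]]
```

Feed it the output of dmesg or the journal's kernel facility; a non-empty result from gpu_crashstate_oob_writes() on a device with an Adreno 6xx GPU is worth correlating with the kernel version in item 1.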


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-24T15:02:54.826Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9833c4522896dcbe93e5

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 2:26:04 PM

Last updated: 8/11/2025, 9:54:23 AM

