CVE-2021-47540: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode

Fix the following NULL pointer dereference in mt7915_get_phy_mode routine adding an ibss interface to the mt7915 driver.

[ 101.137097] wlan0: Trigger new scan to find an IBSS to join
[ 102.827039] wlan0: Creating new IBSS network, BSSID 26:a4:50:1a:6e:69
[ 103.064756] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 103.073670] Mem abort info:
[ 103.076520] ESR = 0x96000005
[ 103.079614] EC = 0x25: DABT (current EL), IL = 32 bits
[ 103.084934] SET = 0, FnV = 0
[ 103.088042] EA = 0, S1PTW = 0
[ 103.091215] Data abort info:
[ 103.094104] ISV = 0, ISS = 0x00000005
[ 103.098041] CM = 0, WnR = 0
[ 103.101044] user pgtable: 4k pages, 39-bit VAs, pgdp=00000000460b1000
[ 103.107565] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 103.116590] Internal error: Oops: 96000005 [#1] SMP
[ 103.189066] CPU: 1 PID: 333 Comm: kworker/u4:3 Not tainted 5.10.75 #0
[ 103.195498] Hardware name: MediaTek MT7622 RFB1 board (DT)
[ 103.201124] Workqueue: phy0 ieee80211_iface_work [mac80211]
[ 103.206695] pstate: 20000005 (nzCv daif -PAN -UAO -TCO BTYPE=--)
[ 103.212705] pc : mt7915_get_phy_mode+0x68/0x120 [mt7915e]
[ 103.218103] lr : mt7915_mcu_add_bss_info+0x11c/0x760 [mt7915e]
[ 103.223927] sp : ffffffc011cdb9e0
[ 103.227235] x29: ffffffc011cdb9e0 x28: ffffff8006563098
[ 103.232545] x27: ffffff8005f4da22 x26: ffffff800685ac40
[ 103.237855] x25: 0000000000000001 x24: 000000000000011f
[ 103.243165] x23: ffffff8005f4e260 x22: ffffff8006567918
[ 103.248475] x21: ffffff8005f4df80 x20: ffffff800685ac58
[ 103.253785] x19: ffffff8006744400 x18: 0000000000000000
[ 103.259094] x17: 0000000000000000 x16: 0000000000000001
[ 103.264403] x15: 000899c3a2d9d2e4 x14: 000899bdc3c3a1c8
[ 103.269713] x13: 0000000000000000 x12: 0000000000000000
[ 103.275024] x11: ffffffc010e30c20 x10: 0000000000000000
[ 103.280333] x9 : 0000000000000050 x8 : ffffff8006567d88
[ 103.285642] x7 : ffffff8006563b5c x6 : ffffff8006563b44
[ 103.290952] x5 : 0000000000000002 x4 : 0000000000000001
[ 103.296262] x3 : 0000000000000001 x2 : 0000000000000001
[ 103.301572] x1 : 0000000000000000 x0 : 0000000000000011
[ 103.306882] Call trace:
[ 103.309328] mt7915_get_phy_mode+0x68/0x120 [mt7915e]
[ 103.314378] mt7915_bss_info_changed+0x198/0x200 [mt7915e]
[ 103.319941] ieee80211_bss_info_change_notify+0x128/0x290 [mac80211]
[ 103.326360] __ieee80211_sta_join_ibss+0x308/0x6c4 [mac80211]
[ 103.332171] ieee80211_sta_create_ibss+0x8c/0x10c [mac80211]
[ 103.337895] ieee80211_ibss_work+0x3dc/0x614 [mac80211]
[ 103.343185] ieee80211_iface_work+0x388/0x3f0 [mac80211]
[ 103.348495] process_one_work+0x288/0x690
[ 103.352499] worker_thread+0x70/0x464
[ 103.356157] kthread+0x144/0x150
[ 103.359380] ret_from_fork+0x10/0x18
[ 103.362952] Code: 394008c3 52800220 394000e4 7100007f (39400023)
AI Analysis
Technical Summary
CVE-2021-47540 is a vulnerability identified in the Linux kernel, specifically within the mt76 wireless driver for MediaTek chipsets, targeting the mt7915 device. The flaw is a NULL pointer dereference occurring in the function mt7915_get_phy_mode, which is invoked when adding an IBSS (Independent Basic Service Set) interface to the mt7915 driver. IBSS mode is used for ad-hoc wireless networking without an access point. The vulnerability manifests when the driver attempts to handle IBSS network creation or joining, leading to a kernel NULL pointer dereference and consequent kernel panic or system crash. The detailed kernel logs indicate that the fault occurs due to dereferencing a NULL pointer at address 0x0 during the execution of mt7915_get_phy_mode, triggered by ieee80211 stack operations related to IBSS interface management. This vulnerability can cause denial of service (DoS) by crashing the kernel, impacting system availability. The issue affects Linux kernel versions containing the vulnerable mt7915 driver code prior to the patch. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability requires the system to be running the affected MediaTek mt7915 wireless chipset and to be operating or attempting to operate in IBSS mode, which is less common than infrastructure mode but still relevant in certain wireless networking scenarios.
Potential Impact
For European organizations, the primary impact of CVE-2021-47540 is the potential for denial of service on Linux systems using MediaTek mt7915 wireless chipsets when operating in IBSS mode. This could disrupt wireless connectivity and cause system instability or crashes, particularly in environments relying on ad-hoc wireless networks for communication or specialized industrial or embedded applications. While the vulnerability does not directly lead to privilege escalation or data leakage, the forced kernel panic can interrupt critical services, affecting operational continuity. Organizations using Linux-based devices with mt7915 wireless hardware in sectors such as telecommunications, manufacturing, or IoT deployments may face increased risk. The lack of known exploits reduces immediate threat but does not eliminate the risk of future weaponization. The vulnerability’s impact is limited to systems with the specific hardware and configuration, so widespread impact is unlikely but targeted attacks or accidental triggers could cause localized outages.
Mitigation Recommendations
To mitigate CVE-2021-47540, European organizations should:
1) Apply the latest Linux kernel updates that include the patch fixing the NULL pointer dereference in the mt7915 driver. Since no patch links are provided, monitoring official Linux kernel repositories and distributions for updates is critical.
2) Disable IBSS mode on affected devices if it is not required, as the vulnerability is triggered specifically during IBSS interface creation or joining.
3) For embedded or specialized devices using the mt7915 chipset, coordinate with hardware vendors or device manufacturers to obtain firmware or driver updates addressing this issue.
4) Implement monitoring for kernel crashes or wireless interface errors related to mt7915 to detect potential exploitation or accidental triggers.
5) Consider network segmentation and limiting wireless interface usage to infrastructure mode to reduce exposure.
6) Maintain robust incident response procedures to quickly recover from potential denial of service events caused by this vulnerability.
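An added example (not part of the original advisory) of the monitoring in recommendation 4: it scans dmesg-style text for NULL-dereference oopses and flags those whose faulting function, module and call trace match the signature quoted in the description. The sample log is an excerpt of that oops; the function names `find_oopses` and `matches_cve_2021_47540` are illustrative.

```python
import re

# Excerpt of the oops quoted in the CVE description (sample input for the example).
SAMPLE_LOG = """\
[ 102.827039] wlan0: Creating new IBSS network, BSSID 26:a4:50:1a:6e:69
[ 103.064756] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 103.116590] Internal error: Oops: 96000005 [#1] SMP
[ 103.212705] pc : mt7915_get_phy_mode+0x68/0x120 [mt7915e]
[ 103.218103] lr : mt7915_mcu_add_bss_info+0x11c/0x760 [mt7915e]
[ 103.306882] Call trace:
[ 103.309328] mt7915_get_phy_mode+0x68/0x120 [mt7915e]
[ 103.326360] __ieee80211_sta_join_ibss+0x308/0x6c4 [mac80211]
[ 103.359380] kthread+0x144/0x150
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s?(.*)$")          # "[ ts] message"
NULL_DEREF = re.compile(r"Unable to handle kernel NULL pointer dereference")
SYM = r"(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?"    # func+off/size [module]
PC = re.compile(r"^pc : " + SYM)
FRAME = re.compile(r"^" + SYM + r"$")

def find_oopses(text):
    """Return one record per NULL-dereference oops found in dmesg-style text."""
    oopses, cur, in_trace = [], None, False
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2).strip()
        if NULL_DEREF.search(msg):                 # a new oops starts here
            cur = {"time": ts, "pc": None, "module": None, "frames": []}
            oopses.append(cur)
            in_trace = False
        elif cur is None:
            continue                               # ordinary log line before any oops
        elif (pc := PC.match(msg)):
            cur["pc"], cur["module"] = pc.group(1), pc.group(2)
        elif msg == "Call trace:":
            in_trace = True
        elif in_trace and (fr := FRAME.match(msg)):
            cur["frames"].append(fr.group(1))
        elif in_trace:
            in_trace = False                       # e.g. the "Code:" line ends the trace
    return oopses

def matches_cve_2021_47540(oops):
    """True if the oops faulted in mt7915_get_phy_mode on an IBSS code path."""
    return (oops["pc"] == "mt7915_get_phy_mode" and oops["module"] == "mt7915e"
            and any("ibss" in f for f in oops["frames"]))
```

Requiring an IBSS frame in the call trace, not just the faulting function, keeps unrelated crashes from being attributed to this CVE.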
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-24T15:02:54.828Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe93fc
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 2:26:51 PM
Last updated: 7/31/2025, 7:44:51 PM