CVE-2021-47549: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl

When the `rmmod sata_fsl.ko` command is executed in the PPC64 GNU/Linux, a bug is reported:

    ==================================================================
    BUG: Unable to handle kernel data access on read at 0x80000800805b502c
    Oops: Kernel access of bad area, sig: 11 [#1]
    NIP [c0000000000388a4] .ioread32+0x4/0x20
    LR [80000000000c6034] .sata_fsl_port_stop+0x44/0xe0 [sata_fsl]
    Call Trace:
     .free_irq+0x1c/0x4e0 (unreliable)
     .ata_host_stop+0x74/0xd0 [libata]
     .release_nodes+0x330/0x3f0
     .device_release_driver_internal+0x178/0x2c0
     .driver_detach+0x64/0xd0
     .bus_remove_driver+0x70/0xf0
     .driver_unregister+0x38/0x80
     .platform_driver_unregister+0x14/0x30
     .fsl_sata_driver_exit+0x18/0xa20 [sata_fsl]
     .__se_sys_delete_module+0x1ec/0x2d0
     .system_call_exception+0xfc/0x1f0
     system_call_common+0xf8/0x200
    ==================================================================

The triggering of the BUG is shown in the following stack:

    driver_detach
      device_release_driver_internal
        __device_release_driver
          drv->remove(dev) --> platform_drv_remove/platform_remove
            drv->remove(dev) --> sata_fsl_remove
              iounmap(host_priv->hcr_base);            <---- unmap
              kfree(host_priv);                        <---- free
          devres_release_all
            release_nodes
              dr->node.release(dev, dr->data) --> ata_host_stop
                ap->ops->port_stop(ap) --> sata_fsl_port_stop
                    ioread32(hcr_base + HCONTROL)      <---- UAF
                host->ops->host_stop(host)

The iounmap(host_priv->hcr_base) and kfree(host_priv) functions should not be executed in drv->remove. These functions should be executed in host_stop after port_stop. Therefore, we move these functions to the new function sata_fsl_host_stop and bind the new function to host_stop.
AI Analysis
Technical Summary
CVE-2021-47549 is a use-after-free (UAF) vulnerability in the Linux kernel's sata_fsl driver, specifically affecting the PowerPC 64-bit (PPC64) architecture. The vulnerability arises when the sata_fsl kernel module is removed using the 'rmmod sata_fsl.ko' command. The root cause is a race condition in the driver removal sequence where the functions iounmap(host_priv->hcr_base) and kfree(host_priv) are called prematurely during the driver removal process (drv->remove). These functions unmap and free memory resources that are still accessed later in the shutdown sequence, specifically in the sata_fsl_port_stop function, which attempts to read from the already freed memory (ioread32(hcr_base + HCONTROL)). This results in a kernel crash (BUG) due to invalid memory access, leading to a kernel oops and potential system instability or denial of service. The fix involves refactoring the driver code to move the unmapping and freeing operations from drv->remove to a newly introduced function sata_fsl_host_stop, which is called after port_stop, ensuring that memory is freed only after all accesses are complete. This vulnerability is specific to the sata_fsl driver on PPC64 GNU/Linux systems and does not affect other architectures or SATA drivers. There are no known exploits in the wild, and no CVSS score has been assigned yet. The vulnerability impacts kernel stability and could be triggered by a local user with the ability to remove kernel modules, potentially causing denial of service through a kernel panic or crash.
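The teardown order described above, as an added example that is not the kernel's or this page's code: a user-space C model in which two flags stand in for the hcr_base mapping and the host_priv allocation. The struct and variant names (driver_ops, before_fix, after_fix, no_release) are assumptions made for the illustration; the third variant shows why the release has to move to host_stop rather than simply be dropped from remove.

```c
/* User-space model of the sata_fsl teardown order (added example, not kernel code). */
#include <stdbool.h>
#include <stdio.h>

struct host_priv {      /* stand-in for the driver's private data */
    bool mapped;        /* hcr_base is still mapped (no iounmap yet) */
    bool allocated;     /* host_priv has not been kfree'd */
};
struct driver_ops {     /* hypothetical: the two hooks whose contents the fix changes */
    void (*remove)(struct host_priv *);
    void (*host_stop)(struct host_priv *);
};
struct result { int bad_reads; bool leaked; };

static void release(struct host_priv *hp)   /* models iounmap() + kfree() */
{
    hp->mapped = false;
    hp->allocated = false;
}
static void keep(struct host_priv *hp) { (void)hp; }   /* hook that releases nothing */

/* Models sata_fsl_port_stop's ioread32(hcr_base + HCONTROL). */
static int port_stop(const struct host_priv *hp)
{
    return (hp->mapped && hp->allocated) ? 0 : 1;   /* 1 = read after release */
}

static const struct driver_ops before_fix = { release, keep };  /* release in remove */
static const struct driver_ops after_fix  = { keep, release };  /* release in host_stop */
static const struct driver_ops no_release = { keep, keep };     /* dropped, not moved */

/* Call order from the page: drv->remove, then ata_host_stop runs port_stop, host_stop. */
static struct result teardown(const struct driver_ops *ops)
{
    struct host_priv hp = { true, true };
    struct result r;
    ops->remove(&hp);
    r.bad_reads = port_stop(&hp);
    ops->host_stop(&hp);
    r.leaked = hp.mapped || hp.allocated;
    return r;
}

int main(void)
{
    printf("before fix: bad_reads=%d\n", teardown(&before_fix).bad_reads);
    printf("after fix:  bad_reads=%d\n", teardown(&after_fix).bad_reads);
    printf("no release: leaked=%d\n", teardown(&no_release).leaked);
    return 0;
}
```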
Potential Impact
For European organizations, the primary impact of CVE-2021-47549 is the risk of denial of service on systems running PPC64 Linux kernels with the sata_fsl driver loaded. This could disrupt critical infrastructure or services relying on affected hardware platforms, especially in sectors using specialized embedded or industrial systems based on PPC64 architecture. Confidentiality and integrity impacts are minimal as this vulnerability does not provide privilege escalation or arbitrary code execution capabilities. However, the availability impact can be significant if exploited, causing kernel panics and system downtime. Organizations running PPC64 Linux servers or embedded devices with this driver should be aware of potential service interruptions. Given the niche architecture and driver, the overall exposure is limited compared to more widespread vulnerabilities affecting x86 or ARM architectures. Nonetheless, critical systems in manufacturing, telecommunications, or research institutions using PPC64 hardware in Europe could face operational disruptions if this vulnerability is triggered.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address this vulnerability by moving the unmapping and freeing operations to the correct lifecycle phase (sata_fsl_host_stop). Ensure that your Linux kernel version includes this fix or upgrade to a patched kernel release.
2. Restrict the ability to remove kernel modules (rmmod) to trusted administrators only, minimizing the risk of accidental or malicious triggering of this vulnerability.
3. Monitor kernel logs for oops or BUG messages related to sata_fsl to detect any attempts to exploit or inadvertently trigger the issue.
4. For systems where kernel module removal is not necessary, consider blacklisting or disabling the sata_fsl module if not in use, reducing the attack surface.
5. In environments using PPC64 hardware, conduct thorough testing of kernel updates to ensure stability and compatibility with critical applications before deployment.
6. Implement robust system monitoring and automated recovery mechanisms to minimize downtime in case of kernel crashes.
7. Engage with hardware and Linux distribution vendors to confirm the presence of patches and receive timely updates.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-24T15:02:54.831Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe9431
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 2:27:59 PM
Last updated: 8/7/2025, 6:39:45 AM