CVE-2021-47023

8.2 HIGH

📋 TL;DR

A race condition vulnerability in the Marvell Prestera network driver in the Linux kernel can cause a kernel crash when handling port events during initialization. This affects systems using Prestera network hardware and can lead to denial of service. The vulnerability occurs when the firmware sends port events with down state during initialization while ports are being created.

💻 Affected Systems

Products:
  • Linux kernel with Marvell Prestera driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Marvell Prestera network hardware/switch ASICs. The driver is typically loaded automatically when hardware is detected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to complete system crash and denial of service, requiring physical or remote console access to reboot the system.

🟠

Likely Case

System crash during network interface initialization, causing temporary service disruption until system reboot.

🟢

If Mitigated

No impact if patched or if Prestera hardware is not used.

🌐 Internet-Facing: MEDIUM - Could be triggered by network events reaching vulnerable interfaces, but requires specific hardware.
🏢 Internal Only: MEDIUM - Affects internal systems with Prestera network hardware during initialization or port state changes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires triggering the race condition during port initialization, which could potentially be done via network traffic or hardware events. No public exploit code has been observed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 0ce6052802be2cb61a57b753e41301339c88c839, 333980481b99edb24ebd5d1a53af70a15d9146de, 9d1ba11fabdd8f25abb24272ef1621417981320b, b5bba6ede42693f50ce1c9944315cefed7491061

Vendor Advisory: https://git.kernel.org/stable/c/0ce6052802be2cb61a57b753e41301339c88c839

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable Prestera driver


Prevent loading of the vulnerable prestera driver if hardware is not needed

echo 'blacklist prestera' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist prestera_pci' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u

🧯 If You Can't Patch

  • Ensure systems with Prestera hardware are on isolated networks to limit potential trigger events
  • Monitor system logs for kernel panic/crash events and have rapid recovery procedures

🔍 How to Verify

Check if Vulnerable:

Check if prestera module is loaded: lsmod | grep prestera AND check kernel version against patched versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and prestera module loads without crashes during network initialization

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning prestera_fw_evt_work_fn, cancel_delayed_work, or port event handling
  • System crash/reboot events during network interface initialization

Network Indicators:

  • Unusual network events to Prestera interfaces during system boot

SIEM Query:

(event_type:"kernel_panic" AND message:"prestera") OR (event_type:"system_crash" AND process:"prestera")
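As an added detection example (not part of this advisory or the kernel project), the script below groups kernel log lines into crash blocks and keeps only those whose frames reference the prestera driver, because the panic header and the driver symbols listed under Log Indicators usually sit on different log lines. The regexes and the sample log are constructed assumptions, not a captured crash.

```python
import re
from typing import Dict, List, Optional

# Lines that open a kernel crash report (oops, BUG, panic, GPF, WARN).
CRASH_START = re.compile(r"(BUG:|Oops:|Kernel panic|general protection fault|WARNING:)")
# Closing line of a trace; a hard panic may never print it, so the tail is checked too.
CRASH_END = re.compile(r"---\[ end trace")
# Symbols from the advisory's log indicators; the exact regex is an assumption.
PRESTERA_SYM = re.compile(r"\b(prestera\w*|cancel_delayed_work\w*)\b")

def _finding(block: List[str]) -> Optional[Dict[str, object]]:
    """Summarise a crash block if any frame in it belongs to the prestera driver."""
    syms = sorted({m.group(1) for line in block for m in PRESTERA_SYM.finditer(line)})
    if not any(s.startswith("prestera") for s in syms):
        return None  # a crash elsewhere in the kernel, not this advisory
    return {"header": block[0].strip(), "symbols": syms, "lines": len(block)}

def find_prestera_crashes(lines: List[str]) -> List[Dict[str, object]]:
    """Group log lines into crash blocks and keep those that touch prestera."""
    findings, block = [], None
    for line in lines:
        if block is None:
            if CRASH_START.search(line):
                block = [line]  # header line starts a new crash block
            continue
        block.append(line)
        if CRASH_END.search(line):
            if (hit := _finding(block)) is not None:
                findings.append(hit)
            block = None
    if block is not None and (hit := _finding(block)) is not None:
        findings.append(hit)  # log ended mid-trace, typical when the box panicked
    return findings

# Constructed sample log: one prestera oops at boot, one unrelated warning.
SAMPLE_LOG = """\
[    3.412] BUG: kernel NULL pointer dereference, address: 0000000000000000
[    3.414] Workqueue: events prestera_fw_evt_work_fn [prestera]
[    3.415] Call Trace:
[    3.416]  prestera_port_event_handler [prestera]
[    3.417]  cancel_delayed_work
[    3.418] ---[ end trace 0000000000000000 ]---
[   10.001] WARNING: CPU: 2 PID: 100 at fs/ext4/super.c:1234 ext4_fill_super+0x1/0x2
[   10.004] ---[ end trace 0000000000000001 ]---
"""

if __name__ == "__main__":
    for hit in find_prestera_crashes(SAMPLE_LOG.splitlines()):
        print(hit)
```

Feed it `journalctl -k -o cat` or a saved `dmesg` output; a single finding per boot during interface bring-up is the pattern this advisory describes.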
