CVE-2021-47083

7.1 HIGH

📋 TL;DR

This CVE describes an out-of-bounds memory access vulnerability in the MediaTek pinctrl driver in the Linux kernel. When the virtual external interrupt (eint) number exceeds the available GPIO numbers, the driver may access memory beyond allocated bounds, potentially leading to system crashes or arbitrary code execution. This affects Linux systems using MediaTek hardware with the vulnerable driver.
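The bounds failure described above, reduced to a small user-space C model. This is an added example, not the kernel driver's code: the structure, the function names and the sample table are hypothetical, and the fallback table scan is an assumption about how a lookup can proceed when the direct index does not apply.

```c
#include <stddef.h>

#define NO_GPIO ((unsigned int)-1)

/* Hypothetical pin descriptor: table index == GPIO number. */
struct pin_desc {
    unsigned int gpio;    /* GPIO number */
    unsigned int eint_n;  /* eint number routed to this pin */
};

/* Constructed sample: 4 GPIOs, one of them on virtual eint 200. */
static const struct pin_desc sample_pins[] = {
    {0, 0}, {1, 1}, {2, 5}, {3, 200},
};
#define SAMPLE_NPINS (sizeof(sample_pins) / sizeof(sample_pins[0]))

/* Slow path: scan the whole table, never past npins. */
static unsigned int find_gpio(const struct pin_desc *pins, size_t npins,
                              unsigned long eint_n)
{
    for (size_t i = 0; i < npins; i++)
        if (pins[i].eint_n == eint_n)
            return pins[i].gpio;
    return NO_GPIO;
}

/* Flawed pattern: uses eint_n as an index without comparing it to npins,
 * so eint_n >= npins reads past the end of the table. */
unsigned int eint_to_gpio_unchecked(const struct pin_desc *pins, size_t npins,
                                    unsigned long eint_n)
{
    if (pins[eint_n].eint_n == eint_n)
        return (unsigned int)eint_n;
    return find_gpio(pins, npins, eint_n);
}

/* Hardened pattern: the index is used only after the bounds check. */
unsigned int eint_to_gpio_checked(const struct pin_desc *pins, size_t npins,
                                  unsigned long eint_n)
{
    if (eint_n < npins && pins[eint_n].eint_n == eint_n)
        return (unsigned int)eint_n;
    return find_gpio(pins, npins, eint_n);
}

int main(void)
{
    return eint_to_gpio_checked(sample_pins, SAMPLE_NPINS, 200) == 3 ? 0 : 1;
}
```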

💻 Affected Systems

Products:
  • Linux kernel with MediaTek pinctrl driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with MediaTek hardware using the vulnerable pinctrl driver. The vulnerability is triggered when virtual eint numbers exceed GPIO numbers.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution if combined with other vulnerabilities.

🟠 Likely Case: System instability, kernel crashes, or denial of service on affected MediaTek-based devices.

🟢 If Mitigated: Limited impact with proper kernel hardening and exploit mitigations in place.

🌐 Internet-Facing: LOW - This requires local access or ability to trigger specific hardware interrupts.
🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the vulnerability on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger specific hardware interrupts. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 2d5446da5acecf9c67db1c9d55ae2c3e5de01f8d, 441d3873664d170982922c5d2fc01fa89d9439ed, f373298e1bf0c6ea097c0bcc558dc43ad53e421f, fb563baa3eb8e7a15f2cff3c2695e2cca0493e69

Vendor Advisory: https://git.kernel.org/stable/c/2d5446da5acecf9c67db1c9d55ae2c3e5de01f8d

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable vulnerable driver module

Blacklist or disable the MediaTek pinctrl driver if not required

echo 'blacklist pinctrl-mtk-common' >> /etc/modprobe.d/blacklist.conf
rmmod pinctrl-mtk-common

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable hardware
  • Implement strict process isolation and limit hardware interrupt capabilities

🔍 How to Verify

Check if Vulnerable:

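Check the kernel version and whether the MediaTek pinctrl driver is loaded: 'lsmod | grep pinctrl_mtk' and 'uname -r'. A driver that is built into the kernel image rather than loaded as a module does not appear in lsmod output.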

Check Version:

uname -r

Verify Fix Applied:

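Verify that the kernel version is updated and that the kernel source tree it was built from contains the fix commit. Run from that source tree, with full hashes enabled so the grep can match: 'git log --oneline --no-abbrev-commit | grep -i "2d5446da5acecf9c67db1c9d55ae2c3e5de01f8d"'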

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Out of bounds memory access errors in kernel logs
  • System crashes related to pinctrl driver

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("pinctrl" OR "out of bounds" OR "kernel panic")
