CVE-2021-47286

7.8 HIGH

📋 TL;DR

A vulnerability in the Linux kernel's MHI (Mobile Host Interface) bus subsystem allows out-of-bounds memory access when processing command completions. Attackers could exploit this to cause denial of service, information disclosure, or potentially execute arbitrary code. Systems using affected Linux kernel versions with MHI functionality enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches exist for stable kernel trees. Likely affects versions before the fix commits.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if MHI (Mobile Host Interface) functionality is enabled and used. Many systems may not have this enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, potential information disclosure, or arbitrary code execution with kernel privileges.

🟠

Likely Case

System instability, denial of service through kernel panic, or information disclosure from kernel memory.

🟢

If Mitigated

Minimal impact if MHI functionality is disabled or systems are properly segmented.

🌐 Internet-Facing: LOW - Requires local access or specific hardware interface exploitation.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or through compromised internal systems with appropriate access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to MHI interface and ability to send malicious event ring elements. Likely requires local access or compromised device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel versions via commits: 3efec3b4b16fc7af25676a94230a8ab2a3bb867c, 546362a9ef2ef40b57c6605f14e88ced507f8dd0, aed4f5b51aba41e2afd7cfda20a0571a6a67dfe9

Vendor Advisory: https://git.kernel.org/stable/c/3efec3b4b16fc7af25676a94230a8ab2a3bb867c

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify MHI module loads correctly if needed.

🔧 Temporary Workarounds

Disable MHI functionality

linux

Disable the MHI bus subsystem if not required

modprobe -r mhi
echo 'blacklist mhi' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Disable MHI functionality if not required for system operation
  • Implement strict access controls to prevent unauthorized access to MHI interfaces

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if MHI module is loaded: lsmod | grep mhi

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and MHI module loads without errors
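
The workaround and the "Check if Vulnerable" step above, combined into one check, as an added example that is not part of the original advisory. It reports which modules hold a reference on `mhi` (they must be unloaded before `modprobe -r mhi` succeeds) and whether the modprobe.d policy is a bare `blacklist` or an `install` override; the dependent module names in the sample and the `install mhi /bin/false` rule are assumptions not on the page.

```shell
#!/bin/sh
# Added example. The sample below is constructed, not taken from a real host.
# /proc/modules fields: name size refcount used-by-list state address
SAMPLE_MODULES='mhi_net 20480 0 - Live 0x0000000000000000
mhi_pci_generic 32768 0 - Live 0x0000000000000000
mhi 86016 2 mhi_net,mhi_pci_generic, Live 0x0000000000000000
ext4 831488 1 - Live 0x0000000000000000'

# mhi_users [FILE|-]: print the modules that hold a reference on mhi, space
# separated. Returns 1 (and prints nothing) when mhi is not loaded.
mhi_users() {
    awk '$1 == "mhi" {
             found = 1
             n = split($4, u, ",")
             for (i = 1; i <= n; i++)
                 if (u[i] != "" && u[i] != "-" && u[i] !~ /^\[/)
                     s = s (s == "" ? "" : " ") u[i]
         }
         END { if (found) print s; exit !found }' "${1:-/proc/modules}"
}

# mhi_block_state [DIR]: classify the modprobe.d policy for mhi.
#   hard            an "install mhi /bin/false" (or /bin/true) rule exists
#   blacklist-only  only "blacklist mhi": stops alias autoloading, but mhi
#                   can still be pulled in as a dependency of another module
#   none            no rule found
mhi_block_state() {
    dir=${1:-/etc/modprobe.d}
    if grep -Eqs '^[[:space:]]*install[[:space:]]+mhi[[:space:]]+/bin/(false|true)' "$dir"/*.conf; then
        echo hard
    elif grep -Eqs '^[[:space:]]*blacklist[[:space:]]+mhi[[:space:]]*$' "$dir"/*.conf; then
        echo blacklist-only
    else
        echo none
    fi
}

# mhi_audit [FILE|-] [DIR]: one-line summary of both checks.
mhi_audit() {
    if users=$(mhi_users "${1:-/proc/modules}"); then
        echo "mhi loaded, users: ${users:-none}; modprobe.d: $(mhi_block_state "$2")"
    else
        echo "mhi not loaded; modprobe.d: $(mhi_block_state "$2")"
    fi
}

# Demo on the constructed sample; the policy part reads this host's modprobe.d.
printf '%s\n' "$SAMPLE_MODULES" | mhi_audit -
```

On a live host, call `mhi_audit` with no arguments to read `/proc/modules` and `/etc/modprobe.d` directly.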

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • MHI subsystem errors in dmesg
  • Out of bounds access warnings

Network Indicators:

  • None - local vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "MHI" OR "out of bounds")
