CVE-2021-47346

7.1 HIGH

📋 TL;DR

This is a global-out-of-bounds read vulnerability in the Linux kernel's CoreSight TMC-ETF driver. It allows reading kernel memory beyond allocated bounds, potentially exposing sensitive information or causing system instability. Systems running affected Linux kernel versions with CoreSight tracing enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but references indicate multiple stable kernel versions were patched.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when CoreSight tracing subsystem is enabled and in use. Most production systems have this disabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel memory disclosure leading to information leakage, potential privilege escalation if combined with other vulnerabilities, or kernel panic causing system crash.
🟠 Likely Case: Information disclosure of kernel memory contents, potentially exposing sensitive data like cryptographic keys or process information.
🟢 If Mitigated: Limited impact due to CoreSight being a specialized debugging feature not typically enabled in production systems.

🌐 Internet-Facing: LOW - Requires local access and CoreSight tracing to be enabled, which is uncommon for internet-facing systems.
🏢 Internal Only: MEDIUM - Internal systems with CoreSight debugging enabled could be vulnerable to local attackers or malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to use CoreSight tracing features. The vulnerability is a read-only out-of-bounds access, limiting direct exploitation potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commit 0115687be7b13993066aef602253a53d55f5b11f and related fixes

Vendor Advisory: https://git.kernel.org/stable/c/0115687be7b13993066aef602253a53d55f5b11f

Restart Required: Yes

Instructions:

1. Update Linux kernel to a version containing the fix.
2. Check kernel commit history for 0115687be7b13993066aef602253a53d55f5b11f.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable CoreSight tracing

linux

Disable the CoreSight tracing subsystem to prevent exploitation

echo 0 > /sys/kernel/debug/tracing/tracing_on
echo 0 > /sys/kernel/debug/tracing/events/enable

🧯 If You Can't Patch

  • Disable CoreSight tracing subsystem completely
  • Restrict access to debugging interfaces and require root privileges for CoreSight operations

🔍 How to Verify

Check if Vulnerable:

Check if CoreSight is enabled (lsmod | grep coresight), then compare the kernel version against the patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel (uname -r) includes the fix: check the kernel changelog for commit 0115687be7b13993066aef602253a53d55f5b11f.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN out-of-bounds error messages in dmesg
  • Unexpected system crashes

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for 'KASAN: global-out-of-bounds' or 'tmc_update_etf_buffer' in kernel logs
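
The log search above, as an added example (not part of the original advisory): a POSIX shell function that pairs each 'KASAN: global-out-of-bounds' report with 'tmc_update_etf_buffer' inside the same report, so a KASAN report in an unrelated function ranks lower than one involving the TMC-ETF driver. The function names, the confirmed/partial labels and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, labels and sample data are assumptions.

# scan_tmc_oob FILE: FILE holds kernel log text (e.g. saved journalctl -k output).
# Prints "confirmed:<line>" for a KASAN global-out-of-bounds report that
# mentions tmc_update_etf_buffer, "partial:<line>" for either indicator alone.
scan_tmc_oob() {
    awk '
    function emit(   tag) {
        if (hdr) { tag = hit ? "confirmed" : "partial"; print tag ":" hdr }
        hdr = 0; hit = 0
    }
    /KASAN: global-out-of-bounds/ {          # report header line
        emit(); hdr = NR
        hit = ($0 ~ /tmc_update_etf_buffer/) ? 1 : 0
        next
    }
    hdr && /====================/ { emit(); next }   # closing delimiter
    /tmc_update_etf_buffer/ {
        if (hdr) hit = 1                     # inside a report: call trace hit
        else print "partial:" NR             # outside any KASAN report
    }
    END { emit() }                           # log truncated mid-report
    ' "$1"
}

# Constructed sample log (addresses, offsets and task names are made up).
write_sample_log() {
    cat > "$1" <<'EOF'
[  100.000000] constructed unrelated line
[  101.000000] ========================================
[  101.000001] BUG: KASAN: global-out-of-bounds in tmc_update_etf_buffer+0x0/0x0
[  101.000002] Read of size 4 at addr 0000000000000000 by task perf/1000
[  101.000003] ========================================
[  102.000000] ========================================
[  102.000001] BUG: KASAN: global-out-of-bounds in other_function+0x0/0x0
[  102.000002] ========================================
[  103.000000] ========================================
[  103.000001] BUG: KASAN: global-out-of-bounds in memcpy+0x0/0x0
[  103.000002]  tmc_update_etf_buffer+0x0/0x0
[  103.000003] ========================================
[  104.000000]  tmc_update_etf_buffer+0x0/0x0
EOF
}
```

On the sample log this reports lines 3 and 10 as confirmed and lines 7 and 13 as partial; alert on confirmed hits and review partial ones by hand.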
