CVE-2021-47441

7.3 HIGH

📋 TL;DR

A vulnerability in the Linux kernel's mlxsw thermal driver allows setting cooling states above the maximum supported level, leading to out-of-bounds memory access when CONFIG_THERMAL_STATISTICS is enabled. This affects systems using Mellanox network hardware with the vulnerable driver. The issue can cause kernel crashes or potential privilege escalation.

💻 Affected Systems

Products:
  • Linux kernel with mlxsw driver
Versions: Linux kernel versions before fixes in stable releases (specific commits: 332fdf951df8b870e3da86b122ae304e2aabe88c, ae0993739e14a102d506aa09e11b0065f3144f10, etc.)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires CONFIG_THERMAL_STATISTICS=y and access to thermal sysfs interface. Primarily affects systems with Mellanox network hardware.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash, potential privilege escalation via memory corruption, or denial of service affecting network connectivity.

🟠 Likely Case

System crash or kernel panic when invalid cooling states are set with thermal statistics enabled, causing temporary service disruption.

🟢 If Mitigated

No impact if CONFIG_THERMAL_STATISTICS is disabled or if cooling state manipulation is restricted.

🌐 Internet-Facing: LOW - Requires local access to thermal sysfs interface, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users with access to thermal sysfs can trigger the vulnerability, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Simple command to trigger via sysfs interface.

Exploitation requires local access to write to /sys/class/thermal/thermal_zone*/cdev*/cur_state. No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable releases via commits 332fdf951df8b870e3da86b122ae304e2aabe88c and related patches

Vendor Advisory: https://git.kernel.org/stable/c/332fdf951df8b870e3da86b122ae304e2aabe88c

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. For distributions: Use package manager to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable thermal statistics

Build kernel without CONFIG_THERMAL_STATISTICS to prevent out-of-bounds access.

# Reconfigure kernel with CONFIG_THERMAL_STATISTICS=n

Restrict sysfs access

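Limit write access to thermal sysfs files to prevent unauthorized state changes. Mode changes in sysfs do not survive a reboot or driver reload, so reapply them at boot; they also do not stop root, which can write regardless of the mode bits.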

# chmod 444 /sys/class/thermal/thermal_zone*/cdev*/cur_state
# chown root:root /sys/class/thermal/thermal_zone*/cdev*/cur_state

🧯 If You Can't Patch

  • Restrict access to thermal sysfs interface to privileged users only.
  • Monitor system logs for kernel panic or KASAN reports related to thermal_cooling_device_stats_update.

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if mlxsw driver is loaded: # uname -r && lsmod | grep mlxsw
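The conditions listed under Notes (driver present, CONFIG_THERMAL_STATISTICS=y, write access to cur_state) can be checked in one pass. The script below is an added example, not part of the original advisory or of the kernel project; the function names, the /boot/config-$(uname -r) location and the use of /proc/modules are assumptions, and a driver built into the kernel will not appear in the module list.

```shell
#!/bin/sh
# Added example (not from the advisory): report the exposure conditions
# named on this page. Paths are parameters so a test tree can be used.

# 0 = CONFIG_THERMAL_STATISTICS=y, 1 = not set, 2 = config file unreadable
thermal_stats_enabled() {
    cfg=$1
    [ -r "$cfg" ] || return 2
    case $cfg in
        *.gz) gzip -dc "$cfg" ;;       # e.g. /proc/config.gz
        *)    cat "$cfg" ;;
    esac | grep -q '^CONFIG_THERMAL_STATISTICS=y$'
}

# 0 if an mlxsw module is listed (built-in drivers are not listed here)
mlxsw_loaded() {
    grep -q '^mlxsw' "${1:-/proc/modules}" 2>/dev/null
}

# Print cur_state files that group or others may write
loose_cur_state() {
    root=${1:-/sys/class/thermal}
    for f in "$root"/thermal_zone*/cdev*/cur_state; do
        [ -e "$f" ] || continue
        find "$f" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# Usage: check_exposure [config-file] [module-list] [thermal-sysfs-root]
check_exposure() {
    cfg=${1:-/boot/config-$(uname -r)}
    if mlxsw_loaded "${2:-}"; then echo "mlxsw: loaded"
    else echo "mlxsw: not in module list"; fi
    thermal_stats_enabled "$cfg" && rc=0 || rc=$?
    case $rc in
        0) echo "CONFIG_THERMAL_STATISTICS: y" ;;
        1) echo "CONFIG_THERMAL_STATISTICS: not set" ;;
        *) echo "CONFIG_THERMAL_STATISTICS: unknown ($cfg unreadable)" ;;
    esac
    loose_cur_state "${3:-}" | sed 's/^/writable by non-owner: /'
}

check_exposure "$@"
```
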

Check Version:

# uname -r

Verify Fix Applied:

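Verify kernel version is patched and test by attempting to set invalid cooling state: # for f in /sys/class/thermal/thermal_zone*/cdev*/cur_state; do echo 18 2>&1 > "$f" | grep -i 'invalid'; done

On an unpatched kernel with CONFIG_THERMAL_STATISTICS=y this write can itself cause the out-of-bounds access, so run it only after updating.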

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN reports mentioning thermal_cooling_device_stats_update
  • Out-of-bounds memory access errors in dmesg

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("KASAN" OR "slab-out-of-bounds" OR "thermal_cooling_device_stats_update")
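The query above matches any of its three terms, so every KASAN report on the host produces a hit. The filter below is an added example, not part of the original advisory; it reports only KASAN reports that name thermal_cooling_device_stats_update, and the log lines, addresses, offsets and example_other_func in it are constructed samples.

```shell
#!/bin/sh
# Added example (not from the advisory). The log lines are constructed
# samples; addresses, offsets and example_other_func are made up.
sample_log() {
    cat <<'EOF'
[  100.000001] ==================================================================
[  100.000002] BUG: KASAN: slab-out-of-bounds in thermal_cooling_device_stats_update+0x100/0x200
[  100.000003] Read of size 4 at addr ffff888000000000 by task kworker/0:0/5
[  100.000004] Call Trace:
[  100.000005]  dump_stack+0x10/0x20
[  100.000006] ==================================================================
[  200.000001] ==================================================================
[  200.000002] BUG: KASAN: use-after-free in example_other_func+0x10/0x20
[  200.000003] Write of size 8 at addr ffff888000000100 by task bash/900
[  200.000004] ==================================================================
EOF
}

# Print "<bug type><TAB><task>" for each KASAN report that names the
# thermal statistics function in its header or call trace.
kasan_thermal_hits() {
    awk '
    /BUG: KASAN:/ {
        in_report = 1; hit = 0; task = ""
        kind = $0; sub(/.*BUG: KASAN: /, "", kind); sub(/ in .*/, "", kind)
    }
    in_report && /thermal_cooling_device_stats_update/ { hit = 1 }
    in_report && / by task / { task = $0; sub(/.* by task /, "", task) }
    in_report && /==========/ {          # closing delimiter ends the report
        if (hit) print kind "\t" task
        in_report = 0
    }
    END { if (in_report && hit) print kind "\t" task }
    ' "$@"
}

sample_log | kasan_thermal_hits
```

To run it on a live host, pipe `dmesg` or the kernel journal into `kasan_thermal_hits` in place of `sample_log`.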
