CVE-2021-47535

6.2 MEDIUM

📋 TL;DR

This CVE describes a memory allocation vulnerability in the Linux kernel's MSM A6xx GPU driver where insufficient memory is allocated for GMU registers during crash state capture. This leads to a slab-out-of-bounds write that can cause kernel crashes or potential privilege escalation. Affected systems are those running vulnerable Linux kernel versions with the MSM A6xx GPU driver.

💻 Affected Systems

Products:
  • Linux kernel with MSM A6xx GPU driver
Versions: Linux kernel versions containing commit 142639a52a01 (backported to chromeos-5.4 and other affected versions)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Qualcomm Adreno A6xx series GPUs using the MSM driver. Vulnerability triggers during GPU crash state capture.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel memory corruption leading to system crash, denial of service, or potential privilege escalation to kernel mode.

🟠 Likely Case: Kernel panic or system crash when GPU crash state capture is triggered, causing denial of service.

🟢 If Mitigated: System remains stable, since the vulnerability is only triggered during specific GPU failure conditions.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger GPU crash state capture.
🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the vulnerability to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger GPU crash state capture, which typically requires local access or specific GPU fault conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits 83e54fcf0b14ca2d869dd37abe1bb6542805f538 and others

Vendor Advisory: https://git.kernel.org/stable/c/83e54fcf0b14ca2d869dd37abe1bb6542805f538

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commit.
2. Rebuild the kernel if compiling from source.
3. Reboot the system to load the patched kernel.

🔧 Temporary Workarounds

Disable GPU crash state capture

Prevent the vulnerable code path from being reached by disabling GPU crash state capture:

echo 0 > /sys/module/msm/parameters/enable_crashstate

Confirm the parameter is actually exposed on your kernel before relying on this ('ls /sys/module/msm/parameters/'); a parameter that is not present at that path cannot be toggled this way, and a value written through sysfs does not persist across reboot.

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable GPU drivers
  • Monitor for GPU crash events and system instability indicators

🔍 How to Verify

Check if Vulnerable:

Check the running kernel version and whether the MSM GPU driver is loaded: 'uname -r' and 'lsmod | grep msm'. Note that 'lsmod' only lists the driver when it is built as a module; a kernel with the driver built in will not show it there.

Check Version:

uname -r

Verify Fix Applied:

Verify the running kernel includes the fix commit: 'grep -q 83e54fcf0b14ca2d869dd37abe1bb6542805f538 /proc/version'. Be aware that '/proc/version' normally carries only the version string, compiler and build date, not the commit history, so a non-match is not proof the fix is absent; confirm against your distribution's kernel changelog or the stable tree for the version reported by 'uname -r'.

📡 Detection & Monitoring

Log Indicators:

  • KASAN slab-out-of-bounds warnings in kernel logs
  • GPU crash state capture failures
  • System crashes related to a6xx_gpu_state_get

Network Indicators:

  • None - local vulnerability only

SIEM Query:

kernel: (*KASAN* AND *slab-out-of-bounds* AND *a6xx*) OR kernel: (*BUG* AND *a6xx_get_gmu_registers*)
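The verification and workaround checks above, together with the SIEM logic, as one added shell example; this is not part of the advisory and not code from the kernel project. The function names are mine, the sysfs parameter name enable_crashstate is taken from the page and is an assumption until confirmed on the target kernel, and every input the functions read is passed in so they can be exercised on constructed lsmod output and constructed kernel log lines as well as on a live host.

```shell
#!/bin/sh
# Added example, not from the advisory. Helper functions that (1) check whether
# the msm driver is loaded from lsmod-style text, (2) confirm the sysfs parameter
# the page's workaround relies on actually exists, and (3) apply the page's SIEM
# logic, with explicit precedence, to kernel log lines. All inputs are passed in
# so the functions can be run against constructed data as well as a live host.

# msm_driver_loaded LSMOD_TEXT
# Returns 0 when a line whose first field is exactly "msm" is present.
# Only meaningful for a modular build; a built-in driver never appears in lsmod.
msm_driver_loaded() {
    printf '%s\n' "$1" | awk '$1 == "msm" { found = 1 } END { exit !found }'
}

# crashstate_param_path PARAM_DIR [NAME]
# Prints the full path of the module parameter file when it exists, else returns 1.
# The default name enable_crashstate is the one the advisory gives; treat it as an
# assumption until confirmed by listing PARAM_DIR on the target kernel.
crashstate_param_path() {
    dir="$1"
    name="${2:-enable_crashstate}"
    if [ -f "$dir/$name" ]; then
        printf '%s\n' "$dir/$name"
        return 0
    fi
    return 1
}

# match_a6xx_indicator < kernel log lines
# Prints lines matching the advisory's query with the precedence made explicit:
#   (KASAN AND slab-out-of-bounds AND a6xx) OR (BUG AND a6xx_get_gmu_registers)
# awk tests each pattern against the whole line, so term order does not matter.
match_a6xx_indicator() {
    awk '(/KASAN/ && /slab-out-of-bounds/ && /a6xx/) || (/BUG/ && /a6xx_get_gmu_registers/)'
}

# count_a6xx_indicators < kernel log lines
# Prints the number of matching lines (trailing-space-free for easy comparison).
count_a6xx_indicators() {
    match_a6xx_indicator | wc -l | tr -d ' '
}
```

On a live host the calls are 'msm_driver_loaded "$(lsmod)"', 'crashstate_param_path /sys/module/msm/parameters' and 'dmesg | match_a6xx_indicator'; a non-zero count from 'dmesg | count_a6xx_indicators' is the condition the advisory's log indicators describe.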
