CVE-2021-47548
📋 TL;DR
This is an array overflow vulnerability in the Linux kernel's HNS ethernet driver that could allow local attackers to cause kernel memory corruption. It affects systems using HiSilicon network hardware with vulnerable kernel versions. The vulnerability requires local access to exploit.
💻 Affected Systems
- Linux kernel with HNS ethernet driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation leading to full system compromise through memory corruption.
Likely Case
System instability, kernel crashes, or denial of service affecting network functionality.
If Mitigated
Limited impact if proper access controls prevent local attackers from accessing the vulnerable code path.
🎯 Exploit Status
Exploitation requires local access and knowledge of the vulnerable driver interface. No public exploits have been reported.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 22519eff7df2d88adcc2568d86046ce1e2b52803 and related stable backports
Vendor Advisory: https://git.kernel.org/stable/c/22519eff7df2d88adcc2568d86046ce1e2b52803
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable HNS ethernet driver
linuxTemporarily disable the vulnerable driver if not needed
modprobe -r hns_dsaf
echo 'blacklist hns_dsaf' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable hardware
- Implement strict access controls and monitoring for systems using HiSilicon network hardware
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if hns_dsaf module is loaded: lsmod | grep hns_dsaf && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check git commit history for the fix📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes related to network driver
- dmesg errors mentioning hns_dsaf
Network Indicators:
- Unexpected network interface failures on HiSilicon hardware
SIEM Query:
source="kernel" AND ("hns_dsaf" OR "array overflow" OR "kernel panic")🔗 References
- https://git.kernel.org/stable/c/22519eff7df2d88adcc2568d86046ce1e2b52803
- https://git.kernel.org/stable/c/948968f8747650447c8f21c9fdba0e1973be040b
- https://git.kernel.org/stable/c/99bb25cb6753beaf2c2bc37927c2ecc0ceff3f6d
- https://git.kernel.org/stable/c/a66998e0fbf213d47d02813b9679426129d0d114
- https://git.kernel.org/stable/c/abbd5faa0748d0aa95d5191d56ff7a17a6275bd1
- https://git.kernel.org/stable/c/dd07f8971b81ad98cc754b179b331b57f35aa1ff
- https://git.kernel.org/stable/c/fc7ffa7f10b9454a86369405d9814bf141b30627
- https://git.kernel.org/stable/c/22519eff7df2d88adcc2568d86046ce1e2b52803
- https://git.kernel.org/stable/c/948968f8747650447c8f21c9fdba0e1973be040b
- https://git.kernel.org/stable/c/99bb25cb6753beaf2c2bc37927c2ecc0ceff3f6d
- https://git.kernel.org/stable/c/a66998e0fbf213d47d02813b9679426129d0d114
- https://git.kernel.org/stable/c/abbd5faa0748d0aa95d5191d56ff7a17a6275bd1
- https://git.kernel.org/stable/c/dd07f8971b81ad98cc754b179b331b57f35aa1ff
- https://git.kernel.org/stable/c/fc7ffa7f10b9454a86369405d9814bf141b30627
