CVE-2021-47586
📋 TL;DR
This CVE describes an out-of-bounds read vulnerability in the Linux kernel's STMMAC Ethernet driver for Rockchip platforms. An attacker could potentially read kernel memory beyond allocated bounds, which could lead to information disclosure or system instability. Systems running affected Linux kernel versions with the dwmac-rk driver are vulnerable.
💻 Affected Systems
- Linux kernel with dwmac-rk driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory information disclosure leading to privilege escalation or system crash
Likely Case
System instability or crash due to reading invalid memory regions
If Mitigated
Minor performance impact or no effect if memory happens to contain zeros
🎯 Exploit Status
Exploitation requires local access and specific conditions to trigger the vulnerable code path
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 0546b224cc7717cc8a2db076b0bb069a9c430794 or 0b4a5d1e15ce72f69be48f38dc0401dab890ae0f
Vendor Advisory: https://git.kernel.org/stable/c/0546b224cc7717cc8a2db076b0bb069a9c430794
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable vulnerable driver module
Prevent loading of the dwmac-rk driver if not needed
echo 'blacklist dwmac-rk' >> /etc/modprobe.d/blacklist.conf
rmmod dwmac-rk
🧯 If You Can't Patch
- Restrict local access to systems using network segmentation
- Implement strict access controls and monitoring for systems with vulnerable kernels
🔍 How to Verify
Check if Vulnerable:
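Check whether the dwmac-rk driver is loaded with lsmod | grep dwmac_rk (lsmod lists the module with an underscore, so grepping for dwmac-rk finds nothing), and check the kernel version against the patched versions.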
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits and dwmac-rk driver loads without errors
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- KASAN reports of out-of-bounds reads
- System crashes related to network driver
Network Indicators:
- Unusual network driver behavior on Rockchip systems
SIEM Query:
kernel: *oob* OR kernel: *KASAN* OR kernel: *dwmac-rk*
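Added example (not part of the original page or of any kernel tooling): a shell helper for the "How to Verify" and "Log Indicators" checks above. It reports whether dwmac-rk is loaded, built in, only available on disk, or absent, and counts KASAN out-of-bounds read reports in a saved kernel log; the function names and the file-path parameters are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Function names and path parameters are hypothetical.
# Usage on a live host:  dwmac_rk_state
#                        dmesg > /tmp/k.log && kasan_oob_reads /tmp/k.log

# Classify how the dwmac-rk driver is present.
#   $1 /proc/modules-style file   $2 modules.builtin   $3 modules.dep
dwmac_rk_state() {
    proc_modules=${1:-/proc/modules}
    builtin=${2:-/lib/modules/$(uname -r)/modules.builtin}
    dep=${3:-/lib/modules/$(uname -r)/modules.dep}

    # Loaded modules are listed with underscores (dwmac_rk).
    if [ -r "$proc_modules" ] && grep -Eq '^dwmac[-_]rk ' "$proc_modules"; then
        echo loaded; return 0
    fi
    # Built-in drivers never show up in lsmod, cannot be removed with rmmod,
    # and are not affected by a modprobe blacklist entry.
    if [ -r "$builtin" ] && grep -Eq '(^|/)dwmac[-_]rk\.ko$' "$builtin"; then
        echo builtin; return 0
    fi
    # Present on disk but not loaded: the blacklist workaround applies here.
    if [ -r "$dep" ] && grep -Eq '(^|/)dwmac[-_]rk\.ko(\.[a-z0-9]+)?:' "$dep"; then
        echo available; return 0
    fi
    echo absent
}

# Count KASAN out-of-bounds *read* reports in a kernel log file ($1).
# A KASAN report starts with "BUG: KASAN: <kind>-out-of-bounds in <func>"
# and is followed by a "Read of size N" or "Write of size N" line.
kasan_oob_reads() {
    awk '
        /BUG: KASAN: .*out-of-bounds/ { pending = 1; next }
        pending && /Read of size/     { n++; pending = 0; next }
        pending && /Write of size/    { pending = 0 }
        END { print n + 0 }
    ' "$1"
}
```

A result of builtin means the temporary workaround has no effect and only a patched kernel removes the exposure.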