CVE-2021-47640

7.8 HIGH

📋 TL;DR

A bug in the Linux kernel's KASAN (Kernel Address SANitizer) initialisation code for 32-bit PowerPC leaves the shadow page table out of date when PTE_RPN_SHIFT is 24 and PAGE_SHIFT is 12. The check that decides whether a shadow PTE still points at the early (zero) shadow page compares the PTE's physical-page field, masked with PTE_RPN_MASK, against a physical address; those two values only line up when the page-number field starts at PAGE_SHIFT, so on affected configurations the early-region entries are never replaced. The result is that KASAN both reports accesses that are fine (false positives, e.g. spurious vmalloc-out-of-bounds reports) and misses accesses that really are out of bounds (false negatives). This is a defect in a debugging instrument, not a memory-corruption bug in its own right: it gives an attacker no primitive, but it makes KASAN results from affected PowerPC builds unreliable, so a genuine memory-safety bug can go undetected in testing, and a spurious report can crash a KASAN kernel that panics on warnings. The upstream fix is "powerpc/kasan: Fix early region not updated correctly".
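The following user-space model is an added example, not the kernel's code and not part of this page originally. It reproduces the comparison that goes wrong: the PTE layout macros are assumptions in the style of the 32-bit powerpc PTE (a 64-bit PTE whose physical page number starts at bit PTE_RPN_SHIFT, with PTE_RPN_MASK covering everything above it), the physical addresses are constructed, and the shift is passed at run time so the same code shows the PTE_RPN_SHIFT=12 (working) and PTE_RPN_SHIFT=24 (broken) cases. The "buggy" check is the masked-value comparison; the "fixed" check compares page frame numbers, which is what comparing page structures, the form the upstream patch uses, amounts to in this model.

```c
/*
 * User-space model of the KASAN early-shadow PTE check behind CVE-2021-47640.
 * Added example: NOT kernel code. The layout below is an assumption in the
 * style of the 32-bit powerpc PTE (64-bit PTE, page number at bit rpn_shift);
 * all physical addresses are constructed.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
typedef uint64_t pte_t;         /* 64-bit PTE, as with CONFIG_PTE_64BIT */
typedef uint32_t phys_addr_t;   /* 32-bit physical address in this model */

/* Illustrative protection bits; kept in the low bits so they never overlap
 * the page-number field for either shift. */
#define PAGE_KERNEL_RO 0x1ULL
#define PAGE_KERNEL    0x3ULL

/* Everything from bit rpn_shift upwards is the physical page number. */
static uint64_t rpn_mask(unsigned rpn_shift)
{
	return ~((1ULL << rpn_shift) - 1);
}

static pte_t pfn_pte(unsigned long pfn, uint64_t prot, unsigned rpn_shift)
{
	return ((uint64_t)pfn << rpn_shift) | prot;
}

static unsigned long pte_pfn(pte_t pte, unsigned rpn_shift)
{
	return (unsigned long)(pte >> rpn_shift);
}

static unsigned long phys_pfn(phys_addr_t pa)
{
	return pa >> PAGE_SHIFT;
}

/* Pre-fix check: compares the raw page-number field (pfn << rpn_shift) with
 * a physical address (pfn << PAGE_SHIFT). Equal only when the shifts match. */
static bool maps_early_shadow_buggy(pte_t pte, phys_addr_t early_pa,
				    unsigned rpn_shift)
{
	return (pte & rpn_mask(rpn_shift)) == early_pa;
}

/* Post-fix check: compare page frame numbers, independent of PTE layout. */
static bool maps_early_shadow_fixed(pte_t pte, phys_addr_t early_pa,
				    unsigned rpn_shift)
{
	return pte_pfn(pte, rpn_shift) == phys_pfn(early_pa);
}

/* Model of the early-region update loop: every shadow PTE that still maps
 * the early zero shadow page is replaced by newpte. Returns the count. */
static unsigned update_early_region(pte_t *ptes, unsigned n,
				    phys_addr_t early_pa, pte_t newpte,
				    unsigned rpn_shift, bool use_fixed)
{
	unsigned replaced = 0;

	for (unsigned i = 0; i < n; i++) {
		bool early = use_fixed
			? maps_early_shadow_fixed(ptes[i], early_pa, rpn_shift)
			: maps_early_shadow_buggy(ptes[i], early_pa, rpn_shift);
		if (!early)
			continue;
		ptes[i] = newpte;
		replaced++;
	}
	return replaced;
}

/* Constructed scenario: four shadow PTEs, three still mapping the early
 * shadow page. A correct update replaces exactly those three. */
unsigned run_scenario(unsigned rpn_shift, bool use_fixed)
{
	const phys_addr_t early_pa = 0x00a1b000;  /* early shadow page */
	const phys_addr_t real_pa  = 0x00c00000;  /* already-populated page */
	const phys_addr_t new_pa   = 0x00d00000;  /* freshly allocated shadow */
	pte_t ptes[4] = {
		pfn_pte(phys_pfn(early_pa), PAGE_KERNEL_RO, rpn_shift),
		pfn_pte(phys_pfn(early_pa), PAGE_KERNEL_RO, rpn_shift),
		pfn_pte(phys_pfn(real_pa),  PAGE_KERNEL,    rpn_shift),
		pfn_pte(phys_pfn(early_pa), PAGE_KERNEL_RO, rpn_shift),
	};
	pte_t newpte = pfn_pte(phys_pfn(new_pa), PAGE_KERNEL, rpn_shift);

	return update_early_region(ptes, 4, early_pa, newpte, rpn_shift, use_fixed);
}

int main(void)
{
	printf("shift 12, buggy check: %u of 3 replaced\n", run_scenario(12, false));
	printf("shift 24, buggy check: %u of 3 replaced\n", run_scenario(24, false));
	printf("shift 24, fixed check: %u of 3 replaced\n", run_scenario(24, true));
	return 0;
}
```

With the shift at 12 the masked value and the physical address coincide and all three early entries are replaced; at 24 the masked value is the page number shifted a further 12 bits, nothing matches, and the early-region entries stay pointing at the zero shadow page, which is the state that produces the false positives and false negatives described above.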

💻 Affected Systems

Products:
  • Linux Kernel
Versions: KASAN-enabled kernels before fix commit 5a3d8f3192a4 (the page lists development build 5.15.0-12267-gdebe436e77c7 as the first fixed one) and stable branches before the corresponding backports listed under Fix & Mitigation
Operating Systems: Linux on 32-bit PowerPC (uname -m reports ppc); the affected early-region update lives in the 32-bit KASAN initialisation code
Default Config Vulnerable: No. KASAN is a debug option that is off in defconfig and distribution kernels; only builds with CONFIG_KASAN=y are affected.
Notes: Only PowerPC configurations with PTE_RPN_SHIFT=24 and PAGE_SHIFT=12 (the physical page number sits at bit 24 of the PTE rather than at the page boundary) hit the bad comparison. KASAN must be enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

A genuine kernel memory-safety bug (for example an out-of-bounds access to vmalloc memory) is not caught by KASAN testing on an affected PowerPC build and ships undetected; or a spurious KASAN report on a KASAN kernel configured to panic on warnings takes the system down

🟠

Likely Case

Spurious KASAN reports (e.g. vmalloc-out-of-bounds) and missed real reports on KASAN-enabled 32-bit PowerPC test builds, i.e. unreliable memory-safety test results rather than a compromise

🟢

If Mitigated

With the fix applied KASAN behaves as intended on these configurations; there is no residual exposure, because the bug never provided an attacker with anything on its own

🌐 Internet-Facing: LOW - no remote vector; the defect is in a local debugging feature and cannot be triggered by an attacker
🏢 Internal Only: LOW - not an exploitation primitive; the risk is that memory-safety testing on affected builds misses real bugs or reports bogus ones

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: N/A (not attacker-triggerable)

There is nothing to exploit directly. The defect lives in a debugging instrument: no unprivileged or remote party can use it to corrupt memory, and no exploit exists. Its security relevance is indirect: KASAN reports from affected 32-bit PowerPC builds cannot be trusted, so a genuine bug can be missed in testing, and a spurious report can panic a KASAN kernel that has panic_on_warn set.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fix commits (the upstream fix and its stable backports): 5a3d8f3192a4, 7f19245c3647, dd75080aa840, de56beace664, e3d157a4b4f4

Vendor Advisory: https://git.kernel.org/stable/c/5a3d8f3192a409893c57808cc935e16484df1068

Restart Required: Yes

Instructions:

1. Update to a kernel that contains the fix: a stable release carrying one of the commits above, or a distribution kernel whose changelog lists CVE-2021-47640.
2. For custom PowerPC builds, apply the fix from the stable branch you track and rebuild. Only KASAN-enabled builds (CONFIG_KASAN=y) need it; a kernel built without KASAN does not compile the affected code.
3. Reboot to load the new kernel.

🔧 Temporary Workarounds

Disable KASAN

PowerPC Linux

Disabling KASAN removes the faulty code path, but it also removes the detection KASAN exists to provide. Since KASAN is a debug option that production kernels do not normally enable, this "workaround" is simply the ordinary production configuration; for test and CI kernels, prefer applying the fix, which is a small change to the early-region update in arch/powerpc/mm/kasan.

Rebuild kernel with CONFIG_KASAN=n

🧯 If You Can't Patch

  • Treat KASAN results from unpatched KASAN-enabled 32-bit PowerPC builds as unreliable: do not use them to triage or close out memory-safety findings, and do not gate fuzzing or CI runs on them
  • Keep KASAN out of production kernels (it is a debug option), so a spurious report cannot take a system down through panic_on_warn
  • On KASAN-enabled test systems, watch for the spurious reports and panics listed under Detection & Monitoring

🔍 How to Verify

Check if Vulnerable:

Check architecture and kernel: uname -m must report ppc (32-bit PowerPC) and uname -r a version before the fix. Then confirm KASAN is built in, since only CONFIG_KASAN=y builds are affected: grep CONFIG_KASAN= /boot/config-$(uname -r), or zcat /proc/config.gz | grep CONFIG_KASAN= when CONFIG_IKCONFIG_PROC is set. If all three hold, the build is affected unless it already carries the fix.

Check Version:

uname -r

Verify Fix Applied:

In the kernel source tree the build came from, check that the fix is an ancestor of the built revision: git merge-base --is-ancestor 5a3d8f3192a4 HEAD && echo fixed (substitute the backport commit for the stable branch you track). Grepping /proc/version for commit IDs proves nothing, because it records the compiler and build host, not the commits the tree contains. For a distribution kernel, check the package changelog for CVE-2021-47640 instead.

📡 Detection & Monitoring

Log Indicators:

  • KASAN: vmalloc-out-of-bounds warnings
  • Kernel panic logs
  • False positive memory corruption alerts

Network Indicators:

  • None - the defect is in a local debugging feature and has no network component

SIEM Query:

source="kernel" AND ("KASAN" OR "vmalloc-out-of-bounds" OR "kernel panic")
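As an added example (not from the page and not the kernel project's code), the following C scanner applies the log indicators above to kernel log text: it extracts each KASAN report's bug type, the reporting function, the access kind, size and address, and whether a kernel panic followed. The sample log buffer is constructed in the shape of a KASAN report and is not a captured trace; feed the scanner dmesg output or a syslog extract in practice.

```c
/*
 * Added example: scan kernel log text for KASAN reports. Not kernel code.
 * SAMPLE_LOG below is constructed to look like a KASAN report followed by a
 * panic_on_warn panic; it is not a real trace.
 */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct kasan_report {
	char type[64];       /* e.g. "vmalloc-out-of-bounds" */
	char func[128];      /* "symbol+0xoff/0xsize" that tripped the check */
	char access[8];      /* "Read" or "Write" ("" if no access line) */
	unsigned long size;  /* access size in bytes (0 if absent) */
	unsigned long addr;  /* faulting address (0 if absent) */
	bool panicked;       /* a "Kernel panic" line followed the report */
};

/* Drop a leading "[   12.345678] " dmesg timestamp, if present. */
static const char *strip_timestamp(const char *line)
{
	if (*line == '[') {
		const char *close = strchr(line, ']');
		if (close) {
			line = close + 1;
			while (*line == ' ')
				line++;
		}
	}
	return line;
}

/* Parse up to max reports out of a newline-separated log buffer. */
size_t scan_kasan_reports(const char *log, struct kasan_report *out, size_t max)
{
	static const char bug_prefix[] = "BUG: KASAN: ";
	size_t n = 0, len = strlen(log);
	struct kasan_report *cur = NULL;
	char *copy = malloc(len + 1);   /* strtok modifies its input */

	if (!copy)
		return 0;
	memcpy(copy, log, len + 1);
	for (char *raw = strtok(copy, "\n"); raw; raw = strtok(NULL, "\n")) {
		const char *line = strip_timestamp(raw);
		char acc[8];
		unsigned long size, addr;

		if (strncmp(line, bug_prefix, sizeof bug_prefix - 1) == 0) {
			if (n == max)
				break;
			cur = &out[n++];
			memset(cur, 0, sizeof *cur);
			/* "BUG: KASAN: <type> in <func>" */
			sscanf(line + sizeof bug_prefix - 1, "%63s in %127s",
			       cur->type, cur->func);
			continue;
		}
		if (!cur)
			continue;
		/* "Read|Write of size N at addr X by task ..." */
		if (sscanf(line, "%7s of size %lu at addr %lx", acc, &size, &addr) == 3 &&
		    (strcmp(acc, "Read") == 0 || strcmp(acc, "Write") == 0)) {
			strcpy(cur->access, acc);
			cur->size = size;
			cur->addr = addr;
			continue;
		}
		if (strncmp(line, "Kernel panic", 12) == 0)
			cur->panicked = true;
	}
	free(copy);
	return n;
}

/* Constructed sample log: unrelated lines around one KASAN report. */
const char SAMPLE_LOG[] =
	"[    0.812345] Booting kernel on bare hardware\n"
	"[    1.234567] ==================================================================\n"
	"[    1.234600] BUG: KASAN: vmalloc-out-of-bounds in early_vmalloc_user+0x1c/0x40\n"
	"[    1.234650] Write of size 16 at addr f57f3be0 by task swapper/0/1\n"
	"[    1.234700] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.0 #1\n"
	"[    1.300000] Kernel panic - not syncing: panic_on_warn set ...\n"
	"[    5.000000] usb 1-1: new high-speed USB device number 2 using ehci-pci\n";

/* Scan SAMPLE_LOG once; return report i (NULL if out of range) and the count. */
const struct kasan_report *sample_report(size_t i, size_t *count)
{
	static struct kasan_report reports[8];
	static size_t n;
	static bool done;

	if (!done) {
		n = scan_kasan_reports(SAMPLE_LOG, reports, 8);
		done = true;
	}
	if (count)
		*count = n;
	return i < n ? &reports[i] : NULL;
}

int main(void)
{
	size_t n;
	const struct kasan_report *r = sample_report(0, &n);

	for (size_t i = 0; r; r = sample_report(++i, NULL))
		printf("KASAN %s in %s: %s of %lu bytes at 0x%lx%s\n",
		       r->type, r->func, r->access[0] ? r->access : "access",
		       r->size, r->addr, r->panicked ? " (panicked)" : "");
	return n ? 0 : 1;
}
```

A report whose type is vmalloc-out-of-bounds on an unpatched KASAN-enabled 32-bit PowerPC build should be cross-checked against a patched build before it is filed as a bug, and the absence of reports on such a build is equally not evidence that the code under test is clean.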
