CVE-2021-47149 in Linux
Summary
by MITRE • 03/25/2024
In the Linux kernel, the following vulnerability has been resolved:
net: fujitsu: fix potential null-ptr-deref
In fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 10/04/2025
The vulnerability identified as CVE-2021-47149 represents a critical null pointer dereference flaw within the Linux kernel's Fujitsu hardware information retrieval mechanism. This issue specifically affects the fmvj18x_get_hwinfo() function which is part of the network driver subsystem responsible for accessing hardware information from Fujitsu devices. The vulnerability arises from inadequate error handling during memory mapping operations, creating a pathway for potential system instability or exploitation. According to CWE-476, this vulnerability falls under null pointer dereference conditions where the kernel fails to properly validate memory mapping results before proceeding with subsequent operations.
The technical implementation of this flaw occurs within the fmvj18x_get_hwinfo() function where the ioremap() function is called to map hardware registers into kernel virtual memory space. When the ioremap() operation fails due to insufficient resources or hardware unavailability, it returns a NULL pointer to the calling function. However, the existing code does not check this return value before attempting to dereference the resulting pointer, leading to immediate kernel panic or system crash. This pattern of error handling failure represents a classic kernel programming anti-pattern that violates fundamental safety principles. The vulnerability directly impacts the kernel's ability to gracefully handle hardware access failures and maintain system stability during normal operations.
The operational impact of CVE-2021-47149 extends beyond simple system crashes to potentially enable more sophisticated attack vectors within the kernel space. When a null pointer dereference occurs in kernel mode, it can result in complete system compromise or denial of service conditions that affect network connectivity and overall system availability. The vulnerability affects systems running Linux kernels that include the Fujitsu-specific network driver components, particularly those utilizing the fmvj18x hardware. From an ATT&CK perspective, this vulnerability could be leveraged as part of a broader attack chain involving privilege escalation or system compromise, as it represents an entry point for kernel-level exploitation. The flaw is particularly concerning in server environments where network reliability and system stability are paramount.
Mitigation strategies for this vulnerability require immediate kernel updates from vendors who have patched the specific function to properly validate the ioremap() return value. The fix implements proper error handling by checking the return value of ioremap() and returning appropriate error codes to callers when mapping operations fail. This approach aligns with kernel development best practices and security guidelines from the Linux kernel security team. System administrators should prioritize patching affected systems and monitoring for potential exploitation attempts. The solution demonstrates proper defensive programming principles where all kernel functions must validate their inputs and handle error conditions gracefully. Additional monitoring should focus on kernel log analysis for signs of memory mapping failures or system crashes that could indicate exploitation attempts.