CVE-2021-47165 in Linux
Summary
by MITRE • 03/25/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/meson: fix shutdown crash when component not probed
When main component is not probed, by example when the dw-hdmi module is not loaded yet or in probe defer, the following crash appears on shutdown:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038 ... pc : meson_drv_shutdown+0x24/0x50 lr : platform_drv_shutdown+0x20/0x30 ... Call trace: meson_drv_shutdown+0x24/0x50 platform_drv_shutdown+0x20/0x30 device_shutdown+0x158/0x360 kernel_restart_prepare+0x38/0x48 kernel_restart+0x18/0x68 __do_sys_reboot+0x224/0x250 __arm64_sys_reboot+0x24/0x30 ...
Simply check if the priv struct has been allocated before using it.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 08/09/2025
The vulnerability CVE-2021-47165 represents a critical null pointer dereference issue within the Linux kernel's drm/meson driver subsystem. This flaw manifests specifically during system shutdown operations when the main component has not been properly probed, which can occur when the dw-hdmi module is either not loaded or is in a probe defer state. The vulnerability falls under CWE-476 which categorizes null pointer dereference conditions, and directly impacts the kernel's ability to gracefully handle shutdown sequences in embedded systems utilizing meson graphics drivers. The issue is particularly concerning as it can lead to complete system crashes or hangs during critical shutdown operations, potentially resulting in data loss or system instability.
The technical implementation of this vulnerability stems from inadequate null pointer validation within the meson_drv_shutdown function. During system shutdown, the driver attempts to access a private structure (priv struct) without first verifying whether it has been properly allocated. The crash occurs at virtual address 0x0000000000000038, which corresponds to the offset where the driver expects to find component-specific data that may not exist. The call trace shows the execution path leading to platform_drv_shutdown and eventually kernel_restart, indicating that this vulnerability can cascade through the entire kernel shutdown mechanism. This type of flaw is classified as an improper null pointer dereference under the ATT&CK framework's T1490 technique category, which covers system shutdown/reboot attacks that can be leveraged to disrupt system operations.
The operational impact of CVE-2021-47165 extends beyond simple system crashes to encompass potential data integrity risks and service availability issues in embedded and mobile devices that rely on meson graphics drivers. Systems utilizing ARM-based processors with meson SoCs, particularly those running embedded Linux distributions, are vulnerable to this issue. The vulnerability can be triggered during normal system shutdown procedures, making it particularly dangerous as it affects routine operations rather than only specific error conditions. This flaw can be exploited by malicious actors to cause denial of service attacks or to create conditions that might allow further exploitation through subsequent system instability. The vulnerability is particularly relevant in IoT devices, embedded systems, and mobile platforms where automatic shutdown procedures are common and system reliability is paramount.
Mitigation strategies for CVE-2021-47165 focus on implementing proper null pointer validation within the meson driver shutdown routine. The fix requires checking whether the private structure has been allocated before attempting to access it, which aligns with the defensive programming principles recommended by the CERT/CC secure coding standards. System administrators should ensure that all relevant kernel modules, particularly dw-hdmi, are properly loaded and initialized before system shutdown operations. The recommended approach involves adding a simple conditional check before accessing the private structure pointer, which prevents the kernel from attempting to dereference a null pointer. Additionally, deploying updated kernel versions that include the official patch resolves the vulnerability at its source, making this a straightforward remediation process that requires minimal system disruption. Organizations should prioritize kernel updates to prevent exploitation of this vulnerability in production environments.