CVE-2021-47548 in Linux

Summary

by MITRE • 05/24/2024

In the Linux kernel, the following vulnerability has been resolved:

ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()

The if statement:

    if (port >= DSAF_GE_NUM)
            return;

limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the value of port is 6 or 7, an array overflow could occur:

    port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off;

because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6).

To fix this possible array overflow, we first check port and if it is greater than or equal to DSAF_MAX_PORT_NUM, the function returns.


Analysis

by VulDB Data Team • 12/10/2025

The vulnerability CVE-2021-47548 represents a critical array overflow flaw within the Hisilicon DSAF (Data Sheet Architecture Framework) Ethernet driver component of the Linux kernel. This issue specifically affects the hns_dsaf_ge_srst_by_port() function which handles reset operations for gigabit ethernet ports within the hardware abstraction layer. The vulnerability stems from insufficient input validation that fails to properly constrain the port parameter against the actual array boundaries, creating a potential exploitation vector for malicious actors seeking to disrupt network operations or escalate privileges within kernel space.

The technical flaw manifests through a classic buffer overflow condition: the function performs an initial check, if (port >= DSAF_GE_NUM) return;, which exits early when port falls outside the expected range of 8 values. However, this validation is insufficient because it only considers DSAF_GE_NUM (8), while the array dsaf_dev->mac_cb has a size of only DSAF_MAX_PORT_NUM (6). As a result, port values of 6 or 7 pass the initial validation but then cause an array access beyond the allocated memory boundaries when the function executes port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off. The vulnerability directly maps to CWE-129 Improper Validation of Array Index, which addresses issues where array indices are not properly validated against array bounds, and CWE-787 Out-of-bounds Write, which describes writing to memory outside the bounds of a buffer.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, potentially enabling privilege escalation attacks and system instability within network infrastructure deployments using Hisilicon hardware platforms. When exploited, the array overflow could result in memory corruption that might allow attackers to execute arbitrary code within kernel space, particularly affecting systems running embedded network solutions or high-performance computing environments that rely on the Hisilicon DSAF framework. This vulnerability is particularly concerning in enterprise network environments where the Linux kernel serves as the foundation for network infrastructure, as it could compromise the integrity of network communications and potentially provide attackers with elevated privileges to manipulate system resources.

The recommended mitigation strategy is a bounds check that validates the port parameter against DSAF_MAX_PORT_NUM before any array access occurs, so that the function validates against the actual array dimensions rather than the logical port range. System administrators should prioritize applying the kernel patches that address this specific vulnerability, which typically involve modifying the validation logic to include an additional check such as if (port >= DSAF_MAX_PORT_NUM) return; before the array access operation. Organizations should also implement network monitoring solutions to detect anomalous behavior that might indicate exploitation attempts, as the vulnerability's impact is most pronounced in environments with active network traffic and multiple port configurations. In ATT&CK terms, this fix aligns with techniques T1068 Exploitation for Privilege Escalation and T1499 Endpoint Denial of Service, as it addresses both the privilege escalation potential and the system stability concerns associated with kernel-level buffer overflows.
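The gap between the two bounds, and the corrected check, shown as an added user-space C model (not the kernel driver's code and not part of the original page). Only DSAF_GE_NUM, DSAF_MAX_PORT_NUM, mac_cb and port_rst_off come from the page; the struct layouts, function names, sample values and the ARRAY_SIZE-derived bound are assumptions made for illustration.

```c
#include <stdio.h>

/* Values stated on the page. */
#define DSAF_GE_NUM        8   /* logical GE port range */
#define DSAF_MAX_PORT_NUM  6   /* actual length of mac_cb[] */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Simplified stand-ins for the driver structures (assumed layout). */
struct mac_cb_model { unsigned int port_rst_off; };
struct dsaf_model   { struct mac_cb_model *mac_cb[DSAF_MAX_PORT_NUM]; };

/* Pre-fix guard: compares only against the logical port count. */
static int accepted_before_fix(unsigned int port)
{
    return port < DSAF_GE_NUM;
}

/* Post-fix guard: additionally rejects indexes past the array length. */
static int accepted_after_fix(unsigned int port)
{
    return port < DSAF_GE_NUM && port < DSAF_MAX_PORT_NUM;
}

/* Bitmask of ports a guard accepts even though they index past mac_cb[]. */
static unsigned int oob_ports(int (*guard)(unsigned int))
{
    unsigned int mask = 0;
    for (unsigned int port = 0; port < 32; port++)
        if (guard(port) && port >= DSAF_MAX_PORT_NUM)
            mask |= 1u << port;
    return mask;
}

/* Hardened lookup: bound derived from the array itself so it cannot
 * drift from the declaration. Returns 0 on success, -1 if rejected. */
static int get_port_rst_off(const struct dsaf_model *d, unsigned int port,
                            unsigned int *out)
{
    if (port >= ARRAY_SIZE(d->mac_cb) || !d->mac_cb[port])
        return -1;
    *out = d->mac_cb[port]->port_rst_off;
    return 0;
}

int main(void)
{
    struct mac_cb_model cb0 = { .port_rst_off = 0 };  /* constructed sample */
    struct dsaf_model dev = { .mac_cb = { &cb0 } };
    unsigned int off;
    printf("pre-fix OOB mask:  0x%x\n", oob_ports(accepted_before_fix));
    printf("post-fix OOB mask: 0x%x\n", oob_ports(accepted_after_fix));
    printf("lookup port 0: %d, port 6: %d\n",
           get_port_rst_off(&dev, 0, &off), get_port_rst_off(&dev, 6, &off));
    return 0;
}
```

The pre-fix mask has bits 6 and 7 set, the two port values the page identifies; the post-fix mask is empty.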
