What is CVE-2021-47276?

CVE-2021-47276 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2021-47276 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2021-47276?

CVE-2021-47276 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2021-47276?

No patch is currently available for CVE-2021-47276. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2021-47276 actively exploited?

CVE-2021-47276 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2021-47276

Medium

In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftrace_bug() It was reported that a bug on arm64 caused a bad ip address to be used for updating into a nop in ftrace_init(), but the error path (rightfully) returned -EINVAL and not -EFAULT, as the bug caused more than one error to occur. But because -EINVAL was returned, the ftrace_bug() tried to report what was at the location of the ip address, and read it directly. This caused the machine to panic, as the ip was not pointing to a valid memory address. Instead, read the ip address with copy_from_kernel_nofault() to safely access the memory, and if it faults, report that the address faulted, otherwise report what was in that location.

Package Linux Kernel

Published 2024-05-21

Last modified 2025-04-30

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-706

CVE-2021-47276 is classified as CWE-706

See CWE-706 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2021-47276 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0bc62e398bbd9e600959e610def5109957437b28
Patch
Kernel patch commit
https://git.kernel.org/stable/c/3e4ddeb68751fb4fb657199aed9cfd5d02796875
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4aedc2bc2b32c93555f47c95610efb89cc1ec09b
Patch

8 patch commits total View all on NVD

Details

CVE ID CVE-2021-47276

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-05-21

Modified 2025-04-30

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2021-47276?

CVE-2021-47276 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2021-47276 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2021-47276?

CVE-2021-47276 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2021-47276?

No patch is currently available for CVE-2021-47276. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2021-47276 actively exploited?

No — CVE-2021-47276 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.