What is CVE-2021-47633?

CVE-2021-47633 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10, classified as a Out-of-bounds Read flaw (CWE-125), affecting Linux kernel versions from 2.6.30 onward and patched in 4.9.311, 4.14.276, 4.19.238 and others. CVE-2021-47633 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2021-47633?

CVE-2021-47633 has a CVSS score of 7.1 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.

Is there a patch available for CVE-2021-47633?

Yes, CVE-2021-47633 has been patched. Fixed versions include 4.9.311, 4.14.276, 4.19.238 and others. If you are running Linux kernel 2.6.30 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2021-47633 actively exploited?

CVE-2021-47633 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Out-of-bounds Read (CWE-125)?

The product reads data past the end or before the beginning of the intended buffer. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/125.html

CVE-2021-47633

High

In the Linux kernel, the following vulnerability has been resolved: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 The bug was found during fuzzing. Stacktrace locates it in ath5k_eeprom_convert_pcal_info_5111. When none of the curve is selected in the loop, idx can go up to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound. pd = &chinfo[pier].pd_curves[idx]; There are many OOB writes using pd later in the code. So I added a sanity check for idx. Checks for other loops involving AR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not used outside the loops. The patch is NOT tested with real device. The following is the fuzzing report BUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] Write of size 1 at addr ffff8880174a4d60 by task modprobe/214 CPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1 Call Trace: dump_stack+0x76/0xa0 print_address_description.constprop.0+0x16/0x200 ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] __kasan_report.cold+0x37/0x7c ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] kasan_report+0xe/0x20 ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] ? apic_timer_interrupt+0xa/0x20 ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k] ? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k] ath5k_eeprom_init+0x2513/0x6290 [ath5k] ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k] ? usleep_range+0xb8/0x100 ? apic_timer_interrupt+0xa/0x20 ? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k] ath5k_hw_init+0xb60/0x1970 [ath5k] ath5k_init_ah+0x6fe/0x2530 [ath5k] ? kasprintf+0xa6/0xe0 ? ath5k_stop+0x140/0x140 [ath5k] ? _dev_notice+0xf6/0xf6 ? apic_timer_interrupt+0xa/0x20 ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k] ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k] ? mutex_lock+0x89/0xd0 ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k] local_pci_probe+0xd3/0x160 pci_device_probe+0x23f/0x3e0 ? pci_device_remove+0x280/0x280 ? pci_device_remove+0x280/0x280 really_probe+0x209/0x5d0

Package Linux Kernel

Published 2025-02-26

Last modified 2025-09-23

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

7.1

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Weakness type

CWE-125

CVE-2021-47633 is a Out-of-bounds Read vulnerability

What is Out-of-bounds Read?

The product reads data past the end or before the beginning of the intended buffer. Learn more on MITRE CWE

Affected versions

Linux kernel versions 2.6.30 and later are affected. Fixed in 4.9.311, 4.14.276, 4.19.238, 5.4.189, 5.10.111, 5.15.34, 5.16.20, 5.17.3, 5.18 and their respective stable series.

Affected from

≥ 2.6.30

Fixed in

✓ 4.9.311 4.9.x ✓ 4.14.276 4.14.x ✓ 4.19.238 4.19.x ✓ 5.4.189 5.4.x ✓ 5.10.111 5.10.x ✓ 5.15.34 5.15.x ✓ 5.16.20 5.16.x ✓ 5.17.3 5.17.x ✓ 5.18

References

The following references provide additional information about CVE-2021-47633 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/25efc5d03455c3839249bc77fce5e29ecb54677e
Patch
Kernel patch commit
https://git.kernel.org/stable/c/564d4eceb97eaf381dd6ef6470b06377bb50c95a
Patch
Kernel patch commit
https://git.kernel.org/stable/c/9d7d83d0399e23d66fd431b553842a84ac10398f
Patch

9 patch commits total View all on NVD

Details

CVE ID CVE-2021-47633

Severity High

CVSS score 7.1 / 10

CVSS version 3.1

Published 2025-02-26

Modified 2025-09-23

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2021-47633?

CVE-2021-47633 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10 , classified as an Out-of-bounds Read flaw (CWE-125) . It affects Linux kernel versions from 2.6.30 onward and has been patched in 4.9.311, 4.14.276, 4.19.238 and others. CVE-2021-47633 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2021-47633?

CVE-2021-47633 has a CVSS score of 7.1 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.
Is there a patch available for CVE-2021-47633?

Yes — CVE-2021-47633 has been patched. Fixed versions include 4.9.311, 4.14.276, 4.19.238 and others. If you are running Linux kernel 2.6.30 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2021-47633 actively exploited?

No — CVE-2021-47633 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Out-of-bounds Read (CWE-125)?

The product reads data past the end or before the beginning of the intended buffer. View CWE-125 on MITRE CWE →