CVE-2021-47205: clk: sunxi-ng: Unregister clocks/resets when unbinding
In the Linux kernel, the following vulnerability has been resolved:
clk: sunxi-ng: Unregister clocks/resets when unbinding
Currently, unbinding a CCU driver unmaps the device's MMIO region, while
leaving its clocks/resets and their providers registered. This can cause
a page fault later when some clock operation tries to perform MMIO. Fix
this by separating the CCU initialization from the memory allocation,
and then using a devres callback to unregister the clocks and resets.
This also fixes a memory leak of the `struct ccu_reset`, and uses the
correct owner (the specific platform driver) for the clocks and resets.
Early OF clock providers are never unregistered, and limited error
handling is possible, so they are mostly unchanged. The error reporting
is made more consistent by moving the message inside of_sunxi_ccu_probe.
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue can leave internal clock/reset registrations pointing at unmapped hardware memory after a sunxi-ng clock controller driver is unbound. A later clock operation may crash the kernel. The supplied sources do not show remote exposure, active exploitation, CVSS scoring, or a vendor workaround beyond applying the kernel fix.
Executive priority
Treat this as a kernel stability and availability risk for affected embedded Linux assets. It does not currently justify emergency internet-exposure response from the supplied evidence, but it should be included in normal kernel patch governance and prioritized where device crashes carry operational impact.
Technical view
The flaw is in Linux sunxi-ng CCU driver teardown. Unbind unmaps the device MMIO region but leaves clocks, resets, and providers registered. Later clock operations may dereference the stale MMIO mapping and page fault. The fix separates initialization from allocation and adds devres cleanup to unregister clocks and resets.
Likely exposure
Exposure appears limited to Linux systems running affected kernel versions with relevant sunxi-ng CCU drivers and device unbind paths. This is most relevant to embedded or ARM platforms using Allwinner-related clock/reset controller support. The bundle does not identify internet-facing exposure.
Exploitation context
The source bundle does not report active exploitation, and CISA KEV status is false. The described trigger involves driver unbinding and later kernel clock activity, suggesting local or operational conditions rather than a network attack path, but the sources do not fully define exploit prerequisites.
Researcher notes
Evidence is centered on the upstream Linux fix description. No CWE, CVSS vector, exploit report, or affected hardware list is supplied. Researchers should verify affected kernel trees by commit ancestry or vendor backports, then assess whether local unbind capability is reachable in their deployment model.
Mitigation direction
Update to a vendor kernel containing the referenced stable fixes.
Prioritize affected embedded or ARM devices using sunxi-ng CCU drivers.
Avoid unnecessary CCU driver unbind operations until patched.
Restrict privileged access to driver bind and unbind controls where applicable.
Check vendor advisories for backported fixes and support status.
Validation and detection
Inventory Linux kernel versions on systems using sunxi-ng CCU support.
Confirm whether the referenced stable commits are present or backported.
Review crash logs for page faults after clock or reset operations.
Check operational tooling for driver unbind workflows on affected devices.
Validate fixes first on representative hardware or staging images.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47205 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.