CVE-2021-47586: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup
KASAN reports an out-of-bounds read in rk_gmac_setup on the line:
while (ops->regs[i]) {
This happens for most platforms since the regs flexible array member is
empty, so the memory after the ops structure is being read here. It
seems that mostly this happens to contain zero anyway, so we get lucky
and everything still works.
To avoid adding redundant data to nearly all the ops structures, add a
new flag to indicate whether the regs field is valid and avoid this loop
when it is not.
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel out-of-bounds read in the stmmac dwmac-rk Ethernet setup path. The reported impact is availability, not data theft or privilege escalation. It matters mainly for systems running affected kernel versions with this driver path, especially embedded or appliance-style Linux deployments.
Executive priority
Treat this as a moderate availability risk. It is not supported as remotely exploitable by the provided sources, but affected infrastructure kernels should still be patched through normal maintenance, especially on Linux appliances or embedded platforms.
Technical view
KASAN reported an out-of-bounds read in rk_gmac_setup while iterating ops->regs. For most platforms the flexible array member is empty, so code read memory after the ops structure. The fix adds a flag indicating whether regs is valid and skips the loop when it is not.
Likely exposure
Exposure appears limited to affected Linux kernel builds using the stmmac dwmac-rk driver path. The CVE record lists Linux 5.14, 5.15.11, and 5.16-related version data, but exact downstream distro status must be checked with the kernel vendor.
Exploitation context
The provided sources do not show active exploitation, and the CVE is not marked in KEV. The CVSS vector requires local access and low privileges, with high availability impact and no stated confidentiality or integrity impact.
Researcher notes
Evidence is limited to the CVE record and upstream stable commits. The root cause is a bounds issue around an empty flexible array member in driver setup. The provided sources do not name exploit activity, exploit maturity, or downstream distro fixes.
Mitigation direction
Update affected Linux kernels to vendor-supported versions containing the stable fix.
Check downstream Linux distribution advisories for backported fixes.
Prioritize systems where availability of networked appliances is operationally important.
Avoid assuming a fixed upstream version equals patched downstream status.
Track both referenced stable commits during source or package review.
Validation and detection
Inventory systems running Linux 5.14, 5.15.x, or 5.16-era kernels.
Identify kernels built with the stmmac dwmac-rk driver path.
Confirm whether the referenced stable commits are present or backported.
Review kernel crash, boot, or KASAN logs for rk_gmac_setup reports.
Verify vendor package changelogs before closing remediation tickets.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-125: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-125 · source CWE mapping
Out-of-bounds Read
Out-of-bounds Read represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.