LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap

In the Linux kernel, the following vulnerability has been resolved: powerpc/fixmap: Fix VM debug warning on unmap Unmapping a fixmap entry is done by calling __set_fixmap() with FIXMAP_PAGE_CLEAR as flags. Today, powerpc __set_fixmap() calls map_kernel_page(). map_kernel_page() is not happy when called a second time for the same page. WARNING: CPU: 0 PID: 1 at arch/powerpc/mm/pgtable.c:194 set_pte_at+0xc/0x1e8 CPU: 0 PID: 1 Comm: swapper Not tainted 5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty #682 NIP: c0017cd4 LR: c00187f0 CTR: 00000010 REGS: e1011d50 TRAP: 0700 Not tainted (5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty) MSR: 00029032 <EE,ME,IR,DR,RI> CR: 42000208 XER: 00000000 GPR00: c0165fec e1011e10 c14c0000 c0ee2550 ff800000 c0f3d000 00000000 c001686c GPR08: 00001000 b00045a9 00000001 c0f58460 c0f50000 00000000 c0007e10 00000000 GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 GPR24: 00000000 00000000 c0ee2550 00000000 c0f57000 00000ff8 00000000 ff800000 NIP [c0017cd4] set_pte_at+0xc/0x1e8 LR [c00187f0] map_kernel_page+0x9c/0x100 Call Trace: [e1011e10] [c0736c68] vsnprintf+0x358/0x6c8 (unreliable) [e1011e30] [c0165fec] __set_fixmap+0x30/0x44 [e1011e40] [c0c13bdc] early_iounmap+0x11c/0x170 [e1011e70] [c0c06cb0] ioremap_legacy_serial_console+0x88/0xc0 [e1011e90] [c0c03634] do_one_initcall+0x80/0x178 [e1011ef0] [c0c0385c] kernel_init_freeable+0xb4/0x250 [e1011f20] [c0007e34] kernel_init+0x24/0x140 [e1011f30] [c0016268] ret_from_kernel_thread+0x5c/0x64 Instruction dump: 7fe3fb78 48019689 80010014 7c630034 83e1000c 5463d97e 7c0803a6 38210010 4e800020 81250000 712a0001 41820008 <0fe00000> 9421ffe0 93e1001c 48000030 Implement unmap_kernel_page() which clears an existing pte.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This CVE describes a Linux kernel bug in PowerPC fixmap unmapping. The provided record shows a VM debug warning when a fixmap entry is cleared, and the fix implements a proper page-table unmap path. No source in the bundle shows remote attack, privilege escalation, data exposure, or active exploitation.

Executive priority

Handle through routine kernel patch governance. Escalate only if critical PowerPC systems are affected or a vendor advisory assigns higher severity, because the provided sources do not show exploitation or a clear business-impacting security outcome.

Technical view

On PowerPC, __set_fixmap() used map_kernel_page() even when clearing a fixmap entry with FIXMAP_PAGE_CLEAR. Reusing map_kernel_page() against an already mapped page triggered a set_pte_at VM warning during early_iounmap(). The fix adds unmap_kernel_page() to clear an existing PTE.

Likely exposure

Exposure appears limited to Linux kernel builds on PowerPC within the affected version ranges or commits listed by the CVE record. The bundle does not identify user applications, distributions, cloud services, or non-PowerPC systems as affected.

Exploitation context

The source bundle does not report active exploitation, public weaponization, or KEV listing. The described symptom is a kernel VM debug warning during unmap logic, not a demonstrated attacker-controlled path. Treat exploitability as unproven from the provided evidence.

Researcher notes

Evidence is sparse: no CVSS, CWE, exploit status, or concrete security impact is provided. Analysis should stay close to the kernel fix: incorrect fixmap clearing on PowerPC caused a VM debug warning, resolved by clearing the PTE through a dedicated unmap helper.

Mitigation direction

  • Identify PowerPC systems running affected Linux kernel versions.
  • Review vendor or distribution advisories for patched kernel packages.
  • Apply kernel updates that include the referenced stable fixes.
  • Prioritize normal patch maintenance unless vendor guidance raises severity.
  • Avoid direct wrangler or deployment actions; this is kernel maintenance.

Validation and detection

  • Inventory kernel versions and architectures across managed assets.
  • Confirm whether systems run Linux on PowerPC hardware or virtual platforms.
  • Map installed kernels against the CVE affected version data.
  • Verify patched kernels include the referenced stable commits.
  • Check vendor advisories for distribution-specific backport identifiers.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47623 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
5Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux265c3491c4bc8d40587996d6ee2f447a7ccfb4f3, 265c3491c4bc8d40587996d6ee2f447a7ccfb4f3, 265c3491c4bc8d40587996d6ee2f447a7ccfb4f3, 265c3491c4bc8d40587996d6ee2f447a7ccfb4f3unaffected
LinuxLinux5.5, 0, 5.10.101, 5.15.24, 5.16.10, 5.17affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.