Security readout for executives and security teams
Plain-English summary
This CVE is a Linux kernel bug affecting Qualcomm IPQ8074-based systems. A missing PCI-E clock parent can trigger a kernel oops and reset during boot, creating an availability risk for affected embedded devices rather than a documented data compromise issue.
Executive priority
Treat this as a targeted availability risk for affected embedded or network devices. It is not supported by the sources as internet-exploited, but unpatched devices may fail during boot and disrupt operations.
Technical view
The IPQ8074 Qualcomm clock driver defined pcie0_rchng_clk_src with two parents but populated only one, causing a NULL pointer panic in clk_core_get_parent_by_index() during clock registration. Stable kernel commits fix parent data handling for the affected clock definitions.
Likely exposure
Likely limited to Linux systems using Qualcomm IPQ8074 hardware and affected kernel versions or downstream builds. The source example names Xiaomi AX3600 hardware, but the bundle does not prove broader product exposure.
Exploitation context
No KEV listing is provided, and the sources describe a boot-time kernel oops rather than active exploitation. No remote, local, or privilege-escalation attack path is evidenced in the supplied bundle.
Researcher notes
Evidence is strongest for the root cause and kernel fix. Severity, CVSS, CWE, and exploitability details are not supplied. Analysis should focus on kernel lineage, IPQ8074 hardware presence, and whether vendor firmware includes the stable patches.
Mitigation direction
Update to a kernel or vendor firmware containing the referenced stable fixes.
Check device vendor advisories for IPQ8074-based products and downstream kernel backports.
Prioritize affected network appliances that reboot, fail to boot, or rely on PCI-E devices.
Avoid inventing local workarounds; follow vendor or kernel stable guidance.
Validation and detection
Inventory Linux devices using Qualcomm IPQ8074 SoCs or downstream kernels based on affected versions.
Compare running kernel source or vendor changelog against the referenced stable commits.
Review boot logs for IPQ8074 PCI-E clock oops or early reset symptoms.
Confirm patched devices boot normally and PCI-E-dependent hardware initializes successfully.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47647 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
6Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Feb 26, 2025, 01:54 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.