CVE-2021-47642
Published: 26 February 2025
Summary
CVE-2021-47642 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 3.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-16 (Memory Protection).
Deeper analysis
CVE-2021-47642 is a buffer overflow vulnerability in the Linux kernel's nvidiafb driver within the video framebuffer device (fbdev) subsystem. The issue arises in the nvidia_setup_i2c_bus() function, where strcpy() is used to copy a name parameter into the fixed-size chan->adapter.name buffer (48 characters), potentially allowing an overrun as flagged by Coverity (CID 19036). This affects systems using the nvidiafb module for legacy NVIDIA framebuffer support.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N), requiring only local access (AV:L). Successful exploitation could result in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), such as arbitrary code execution, data corruption, or system crashes within the kernel context, as indicated by the CVSS v3.1 score of 7.8.
Mitigation involves applying upstream kernel patches that replace strcpy() with strscpy() to safely truncate copies and prevent overflows. Relevant stable kernel commits include 055cdd2e7b992921424d4daaa285ced787fb205f, 08dff482012758935c185532b1ad7d584785a86e, 37a1a2e6eeeb101285cd34e12e48a881524701aa, 41baa86b6c802cdc6ab8ff2d46c083c9be93de81, and 47e5533adf118afaf06d25a3e2aaaab89371b1c5, available via git.kernel.org. Security practitioners should update affected Linux kernels accordingly.
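The difference between the unchecked and the bounded copy, as an added user-space example (not the kernel patch or the driver's code): bounded_copy() is a hypothetical model of strscpy()'s behaviour, and struct demo_chan, its guard field and the sample name are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 48 /* size of chan->adapter.name per the Coverity report */

/* Hypothetical stand-in for the driver's channel; guard models adjacent data. */
struct demo_chan {
    char name[NAME_LEN];
    unsigned int guard;
};

/* User-space model of strscpy() semantics (not the kernel's implementation):
 * always NUL-terminates; returns bytes copied, or -E2BIG on truncation. */
static long bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len;
    if (size == 0)
        return -E2BIG;
    for (len = 0; len < size && src[len] != '\0'; len++)
        ; /* never reads more than size bytes of src */
    if (len == size) { /* source plus its NUL does not fit */
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -E2BIG;
    }
    memcpy(dst, src, len + 1);
    return (long)len;
}

/* Bytes an unchecked strcpy() would write past name[] (0 if the name fits). */
static size_t strcpy_overrun(const char *name)
{
    size_t need = strlen(name) + 1;
    return need > NAME_LEN ? need - NAME_LEN : 0;
}

/* Constructed sample input, longer than the 48-byte buffer. */
static const char LONG_NAME[] =
    "constructed-i2c-channel-name-well-beyond-forty-eight-bytes!!";

int main(void)
{
    struct demo_chan chan = { .guard = 0xC0FFEEu };
    long rc = bounded_copy(chan.name, LONG_NAME, sizeof(chan.name));

    printf("strcpy overrun: %zu bytes\n", strcpy_overrun(LONG_NAME));
    printf("rc=%ld len=%zu guard=%#x\n", rc, strlen(chan.name), chan.guard);
    return 0;
}
```

A caller that must not accept a silently shortened name can treat the -E2BIG return as an error instead of ignoring it.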
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-34662
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examining the call sites.
CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length.
2. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.
89 strcpy(chan->adapter.name, name);
Fix this warning by using strscpy() which will silence the warning and prevent any future buffer overflows should the names used to identify the channel become much longer.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Local kernel buffer overflow in nvidiafb driver directly enables privilege escalation via arbitrary code execution in kernel context.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2021-47642 by requiring identification, reporting, and correction of the buffer overflow flaw via kernel patches replacing strcpy() with strscpy().
Implements memory protections such as stack canaries and address space layout randomization to prevent or detect exploitation of the buffer overflow in the nvidiafb driver.
Restricts system to least functionality by disabling or avoiding use of the legacy nvidiafb module, preventing loading of the vulnerable framebuffer driver.