CVE-2021-47006

ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook

Description

In the Linux kernel, the following vulnerability has been resolved: ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook The commit 1879445dfa7b ("perf/core: Set event's default ::overflow_handler()") set a default event->overflow_handler in perf_event_alloc(), and replace the check event->overflow_handler with is_default_overflow_handler(), but one is missing. Currently, the bp->overflow_handler can not be NULL. As a result, enable_single_step() is always not invoked. Comments from Zhen Lei: https://patchwork.kernel.org/project/linux-arm-kernel/patch/20210207105934.2001-1-thunder.leizhen@huawei.com/

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/555a70f7fff03bd669123487905c47ae27dbdaac patch
https://git.kernel.org/stable/c/ed1f67465327cec4457bb988775245b199da86e6 patch
https://git.kernel.org/stable/c/a9938d6d78a238d6ab8de57a4d3dcf77adceb9bb patch
https://git.kernel.org/stable/c/3ed8832aeaa9a37b0fc386bb72ff604352567c80 patch
https://git.kernel.org/stable/c/630146203108bf6b8934eec0dfdb3e46dcb917de patch
https://git.kernel.org/stable/c/7eeacc6728c5478e3c01bc82a1f08958eaa12366 patch
https://git.kernel.org/stable/c/dabe299425b1a53a69461fed7ac8922ea6733a25 patch
https://git.kernel.org/stable/c/a506bd5756290821a4314f502b4bafc2afcf5260 patch

Frequently Asked Questions

What is the severity of CVE-2021-47006?
CVE-2021-47006 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47006?
To fix CVE-2021-47006, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47006 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47006 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47006?
CVE-2021-47006 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.