CVE-2021-47317

powerpc/bpf: Fix detecting BPF atomic instructions

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fix detecting BPF atomic instructions Commit 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode other atomics in .imm") converted BPF_XADD to BPF_ATOMIC and added a way to distinguish instructions based on the immediate field. Existing JIT implementations were updated to check for the immediate field and to reject programs utilizing anything more than BPF_ADD (such as BPF_FETCH) in the immediate field. However, the check added to powerpc64 JIT did not look at the correct BPF instruction. Due to this, such programs would be accepted and incorrectly JIT'ed resulting in soft lockups, as seen with the atomic bounds test. Fix this by looking at the correct immediate value.

Category

3.3
CVSS
Severity: Low
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7284dab07e4d51d453cc42851fae9ec4fac6ef2f patch
https://git.kernel.org/stable/c/0d435b6d94b05dcfd836d758a63145aa566618e2 patch
https://git.kernel.org/stable/c/419ac821766cbdb9fd85872bb3f1a589df05c94c patch

Frequently Asked Questions

What is the severity of CVE-2021-47317?
CVE-2021-47317 has been scored as a low severity vulnerability.
How to fix CVE-2021-47317?
To fix CVE-2021-47317, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47317 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47317 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47317?
CVE-2021-47317 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.