CVE-2021-47548: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-47548 affects the Linux kernel's ethernet driver for HiSilicon HNS devices. The vulnerability was discovered on May 24, 2024, and involves a potential array overflow in the hns_dsaf_ge_srst_by_port() function. The issue occurs when the port value is 6 or 7, as the array dsaf_dev->mac_cb has a length of DSAF_MAX_PORT_NUM (6) while the check allows values up to DSAF_GE_NUM (8) (NVD).

The vulnerability exists in the hns_dsaf_misc.c file where an improper array index validation could lead to buffer overflow. The original code only checked if port >= DSAF_GE_NUM (8) but allowed access to array indices 6 and 7, while the actual array dsaf_dev->mac_cb only has 6 elements. This represents a CWE-129 (Improper Validation of Array Index) vulnerability with a CVSS v3.1 base score of 6.0 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H) (Red Hat).

The vulnerability could allow an attacker to cause an array overflow by accessing memory outside the bounds of the allocated array, potentially leading to system crashes or arbitrary code execution with elevated privileges (Red Hat).

The vulnerability has been patched by adding an additional check to ensure port >= DSAF_MAX_PORT_NUM before accessing the array. The fix has been implemented in various Linux kernel versions and is available through distribution-specific security updates. For Red Hat Enterprise Linux, fixes are available in kernel versions 5.14.0-427.26.1.el9_4 and others (Red Hat).