CVE-2021-4453
📋 TL;DR
This CVE describes a memory leak vulnerability in the AMD GPU driver within the Linux kernel. When the GPU metrics table allocation isn't properly freed during driver cleanup, it can lead to gradual memory exhaustion. This affects Linux systems with AMD Radeon graphics hardware using the affected kernel driver.
💻 Affected Systems
- Linux kernel with AMD GPU driver (drm/amd/pm)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service through resource depletion.
Likely Case
Gradual memory consumption over time during GPU driver operations, potentially leading to performance degradation or system instability after extended use.
If Mitigated
Minimal impact with proper memory management and system monitoring in place; memory would eventually be reclaimed on system reboot.
🎯 Exploit Status
Exploitation requires local access to trigger the memory leak repeatedly. No remote exploitation vectors identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in Linux kernel stable releases (commits: 222cebd995cdf11fe0d502749560f65e64990e55, 257b3bb16634fd936129fe2f57a91594a75b8751, aa464957f7e660abd554f2546a588f6533720e21)
Vendor Advisory: https://git.kernel.org/stable/c/222cebd995cdf11fe0d502749560f65e64990e55
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable AMD GPU driver
linuxPrevent loading of vulnerable AMD GPU driver module
echo 'blacklist amdgpu' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Monitor system memory usage and implement alerts for abnormal memory consumption
- Restrict local user access to systems with AMD GPUs and implement strict privilege controls
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if AMD GPU driver is loaded: lsmod | grep amdgpuCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to patched release and check dmesg for any memory leak warnings📡 Detection & Monitoring
Log Indicators:
- Kernel OOM (Out of Memory) messages in dmesg
- Increasing memory usage in system logs without corresponding process growth
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("Out of memory" OR "memory leak" OR "gpu_metrics_table")