CVE-2021-46959
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's SPI subsystem. When using devm_spi_alloc_* functions, improper cleanup during SPI controller unregistration can cause reference counters to decrement below zero, potentially leading to kernel crashes or instability. This affects Linux systems using SPI devices with devm resource management.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially allowing privilege escalation if combined with other vulnerabilities.
Likely Case
System instability, kernel warnings, or crashes when SPI controllers are unregistered during device removal or driver unloading.
If Mitigated
Minor performance impact or warning messages in kernel logs without system compromise.
🎯 Exploit Status
Exploitation requires triggering SPI controller cleanup, typically through device removal or driver operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees via provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/001c8e83646ad3b847b18f6ac55a54367d917d74
Restart Required: Yes
Instructions:
1. Identify current kernel version.
2. Apply relevant kernel patch from stable tree.
3. Recompile kernel if using custom build.
4. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Avoid devm_spi_alloc functions
Use non-devm SPI allocation functions if possible to avoid the vulnerable code path
🧯 If You Can't Patch
- Restrict access to SPI device operations to trusted users only
- Monitor kernel logs for refcount warnings and investigate SPI device operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if SPI devm allocation functions are used in your configuration
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes one of the fix commits: 001c8e83646ad3b847b18f6ac55a54367d917d74 or related commits
📡 Detection & Monitoring
Log Indicators:
- WARNING: CPU: ... at lib/refcount.c:28 refcount_warn_saturate
- kobject_put errors during SPI operations
- put_device warnings
SIEM Query:
kernel:WARNING AND refcount_warn_saturate
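Added example (not part of the original advisory): the SIEM query above matches every refcount warning, so this sketch narrows the log indicators to warning blocks whose call trace passes through kobject_put/put_device and an SPI function. The sample log is constructed, the `[ cut here ]` / `[ end trace` block delimiters are assumed to be present in the captured log, and the helper names are hypothetical.

```python
import re

# Constructed sample in dmesg layout; PIDs, offsets and timestamps are made up.
SAMPLE_LOG = """\
[  245.300000] ------------[ cut here ]------------
[  245.300010] WARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174
[  245.300020] Call trace:
[  245.300030]  refcount_warn_saturate+0x108/0x174
[  245.300040]  kobject_put+0x100/0x120
[  245.300050]  put_device+0x1c/0x30
[  245.300060]  devm_spi_release_controller+0x1c/0x28
[  245.300070] ---[ end trace 0000000000000000 ]---
[  300.500000] ------------[ cut here ]------------
[  300.500010] WARNING: CPU: 0 PID: 12 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174
[  300.500020] Call trace:
[  300.500030]  refcount_warn_saturate+0x108/0x174
[  300.500040]  example_net_release+0x40/0x58
[  300.500050] ---[ end trace 0000000000000000 ]---
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")          # leading dmesg timestamp
FRAME = re.compile(r"^\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
PUT_FRAMES = {"kobject_put", "put_device"}

def warning_blocks(text):
    """Yield each '[ cut here ]' ... '[ end trace' block as a list of lines."""
    block = None
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        if "[ cut here ]" in line:
            block = []
        elif block is not None:
            if "[ end trace" in line:
                yield block
                block = None
            else:
                block.append(line)

def spi_refcount_warnings(text):
    """Return refcount warnings whose trace has a put frame and an SPI frame."""
    hits = []
    for block in warning_blocks(text):
        if not any("WARNING:" in l and "refcount_warn_saturate" in l for l in block):
            continue
        frames = [m.group(1) for l in block if (m := FRAME.match(l))]
        spi = [f for f in frames if f.startswith(("spi_", "devm_spi_"))]
        if spi and PUT_FRAMES & set(frames):
            hits.append({"spi_frames": spi, "frames": frames})
    return hits
```

Feed it the text of `dmesg` or the kernel journal; a non-empty result is the case worth correlating with SPI driver unbind or module unload events.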
🔗 References
- https://git.kernel.org/stable/c/001c8e83646ad3b847b18f6ac55a54367d917d74
- https://git.kernel.org/stable/c/28a5529068c51cdf0295ab1e11a99a3a909a03e4
- https://git.kernel.org/stable/c/62bb2c7f2411a0045c24831f11ecacfc35610815
- https://git.kernel.org/stable/c/794aaf01444d4e765e2b067cba01cc69c1c68ed9
- https://git.kernel.org/stable/c/8735248ebb918d25427965f0db07939ed0473ec6
- https://git.kernel.org/stable/c/8bf96425c90f5c1dcf3b7b9df568019a1d4b8a0e
- https://git.kernel.org/stable/c/8e029707f50a82c53172359c686b2536ab54e58c
- https://git.kernel.org/stable/c/c7fabe372a9031acd00498bc718ce27c253abfd1
- https://git.kernel.org/stable/c/cee78aa24578edac8cf00513dca618c0acc17cd7