CVE-2021-46965
📋 TL;DR
This CVE describes an out-of-bounds memory access vulnerability in the Linux kernel's physmap-bt1-rom driver. The bug allows attackers to read kernel stack memory, potentially leaking sensitive information. Systems running affected Linux kernel versions with the physmap-bt1-rom driver enabled are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure could lead to information leakage of sensitive kernel data, potentially enabling further exploitation or privilege escalation.
Likely Case
Information disclosure of kernel stack memory, which could reveal pointers or other sensitive data that aids attackers in developing more sophisticated exploits.
If Mitigated
Limited impact with proper kernel hardening and memory protection mechanisms in place.
🎯 Exploit Status
Requires local access and ability to interact with the specific driver interface. Exploitation would need to trigger the out-of-bounds access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits referenced in CVE)
Vendor Advisory: https://git.kernel.org/stable/c/34ec706bf0b7c4ca249a729c1bcb91f706c7a7be
Restart Required: Yes
Instructions:
1. Update to a patched Linux kernel version containing the fix commits. 2. Recompile kernel if using custom build. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable physmap-bt1-rom driver
linuxRemove or blacklist the vulnerable driver module if not needed
echo 'blacklist physmap-bt1-rom' >> /etc/modprobe.d/blacklist.conf
rmmod physmap-bt1-rom
🧯 If You Can't Patch
- Ensure strict access controls to prevent unauthorized local users from interacting with kernel interfaces
- Implement kernel hardening features like KASLR and stack protection to reduce impact
🔍 How to Verify
Check if Vulnerable:
Check if physmap-bt1-rom driver is loaded: lsmod | grep physmap-bt1-romCheck Version:
uname -rVerify Fix Applied:
Check kernel version against patched releases and verify driver is either updated or disabled📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes related to physmap driver
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for kernel panic or oops messages containing 'physmap' or 'bt1-rom'🔗 References
- https://git.kernel.org/stable/c/34ec706bf0b7c4ca249a729c1bcb91f706c7a7be
- https://git.kernel.org/stable/c/4d786870e3262ec098a3b4ed10b895176bc66ecb
- https://git.kernel.org/stable/c/4e4ebb827bf09311469ffd9d0c14ed40ed9747aa
- https://git.kernel.org/stable/c/683313993dbe1651c7aa00bb42a041d70e914925
- https://git.kernel.org/stable/c/34ec706bf0b7c4ca249a729c1bcb91f706c7a7be
- https://git.kernel.org/stable/c/4d786870e3262ec098a3b4ed10b895176bc66ecb
- https://git.kernel.org/stable/c/4e4ebb827bf09311469ffd9d0c14ed40ed9747aa
- https://git.kernel.org/stable/c/683313993dbe1651c7aa00bb42a041d70e914925
