CVE-2021-46973
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's Qualcomm IPC Router (QRTR) subsystem when used with MHI (Modem Host Interface). It allows an attacker to potentially execute arbitrary code or cause denial of service by exploiting improper skb (socket buffer) handling. Systems running vulnerable Linux kernel versions with QRTR enabled are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
Limited impact if QRTR subsystem is disabled or not in use.
🎯 Exploit Status
Requires local access and ability to interact with QRTR subsystem. No public exploits known as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in stable kernel versions via commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable QRTR subsystem
Disable the vulnerable QRTR subsystem if not required (Linux):
echo 'blacklist qrtr' > /etc/modprobe.d/qrtr-blacklist.conf
rmmod qrtr
🧯 If You Can't Patch
- Restrict local user access to systems
- Disable QRTR subsystem if not required for functionality
🔍 How to Verify
Check if Vulnerable:
Check if QRTR module is loaded: lsmod | grep qrtr. Check kernel version against affected ranges.
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version is the patched version, and check the QRTR module version if the module is loaded.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Oops messages related to QRTR or skb handling
Network Indicators:
- Unusual QRTR protocol activity if monitored
SIEM Query:
(kernel: *Oops* OR kernel: *panic*) AND (qrtr OR skb)
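A single-line match cannot relate an Oops header to a qrtr or skb frame that appears several lines further down the same report. The sketch below, an added example rather than code from the advisory or the kernel project, groups log lines into crash reports first and then applies the query's two conditions per report; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: group kernel log lines into crash reports and print the
# header of each report that mentions QRTR or skb handling anywhere in it.

qrtr_crash_reports() {
    awk '
        function emit_report() {
            if (in_report && hit) print header
            in_report = 0; hit = 0
        }
        # A new report starts at an Oops, BUG: or panic line.
        /Oops|BUG:|Kernel panic/ {
            if (!in_report) { header = $0; in_report = 1 }
        }
        # Any qrtr or skb mention inside the report marks it as relevant.
        in_report && /qrtr|skb/ { hit = 1 }
        # "end trace" closes an oops; a panic may never print it,
        # so END also flushes a report that is still open.
        /---\[ end trace/ { emit_report() }
        END { emit_report() }
    '
}

# Constructed sample log (not from a real system).
sample_log() {
    cat <<'EOF'
[  101.000001] usb 1-1: new high-speed USB device number 4
[  202.000001] BUG: KASAN: use-after-free in constructed_qrtr_fn+0x10/0x40 [qrtr_mhi]
[  202.000002] Call Trace:
[  202.000003]  kfree_skb+0x20/0x90
[  202.000004] ---[ end trace 0000000000000001 ]---
[  303.000001] Oops: 0000 [#1] SMP
[  303.000002] Call Trace:
[  303.000003]  constructed_ext4_fn+0x44/0x80
[  303.000004] ---[ end trace 0000000000000002 ]---
[  404.000001] Oops: 0002 [#2] SMP
[  404.000002] Modules linked in: qrtr_mhi qrtr mhi
[  404.000003] Kernel panic - not syncing: Fatal exception
EOF
}

# Run the demo only when asked, so the file can also be sourced.
if [ "${1:-}" = "--demo" ]; then sample_log | qrtr_crash_reports; fi
```

Feed it `dmesg` or `journalctl -k` output on stdin; each printed line is the header of a crash report worth triaging against this CVE.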
🔗 References
- https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40
- https://git.kernel.org/stable/c/47a017f33943278570c072bc71681809b2567b3a
- https://git.kernel.org/stable/c/48ec949ac979b4b42d740f67b6177797af834f80
- https://git.kernel.org/stable/c/ea474054c2cc6e1284604b21361f475c7cc8c0a0