CVE-2021-47048
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's SPI driver for ZynqMP GQSPI controllers. An attacker could exploit this to cause kernel memory corruption, potentially leading to system crashes or arbitrary code execution with kernel privileges. Systems running affected Linux kernel versions with the spi-zynqmp-gqspi driver loaded are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel privilege escalation leading to full system compromise, denial of service, or arbitrary code execution with kernel privileges.
Likely Case
System crash or kernel panic resulting in denial of service, requiring physical or remote reboot.
If Mitigated
No impact if the vulnerable driver is not loaded or the system is patched.
🎯 Exploit Status
Exploitation requires triggering specific SPI operations through the vulnerable driver, typically requiring local access or ability to interact with SPI devices.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check specific kernel versions in provided git commit references
Vendor Advisory: https://git.kernel.org/stable/c/1231279389b5e638bc3b66b9741c94077aed4b5a
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. Reboot system to load new kernel.
3. Verify driver is updated.
🔧 Temporary Workarounds
Disable vulnerable driver
Prevent loading of spi-zynqmp-gqspi driver if not required
echo 'blacklist spi-zynqmp-gqspi' >> /etc/modprobe.d/blacklist.conf
rmmod spi-zynqmp-gqspi
🧯 If You Can't Patch
- Restrict local access to prevent unauthorized users from triggering SPI operations
- Implement strict access controls and monitoring for SPI device interactions
🔍 How to Verify
Check if Vulnerable:
Check if spi-zynqmp-gqspi driver is loaded (lsmod prints the module name with underscores): lsmod | grep spi_zynqmp_gqspi
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and driver version matches fixed commits
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN use-after-free warnings in dmesg
- SPI operation failures
Network Indicators:
- None - local vulnerability
SIEM Query:
Search for kernel panic events or use-after-free warnings in system logs
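The checks from "How to Verify" and "Log Indicators" above, combined into one triage script as an added example (not part of the advisory or the kernel project). The fixture contents, the sample_fn symbol and the state names loaded/blocked/loadable are constructed for illustration.

```shell
#!/bin/sh
MODULE="spi-zynqmp-gqspi"

# The kernel lists module names with underscores, so normalise before comparing.
norm() { printf '%s' "$1" | tr '-' '_'; }

# module_loaded FILE: succeed if MODULE is listed in a /proc/modules-format file.
module_loaded() {
    awk -v m="$(norm "$MODULE")" '$1 == m { hit = 1 } END { exit !hit }' "$1"
}

# module_blacklisted DIR: succeed if a *.conf file in DIR blacklists MODULE.
module_blacklisted() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        while read -r kw name rest; do
            if [ "$kw" = blacklist ] && [ "$(norm "$name")" = "$(norm "$MODULE")" ]; then return 0; fi
        done < "$f"
    done
    return 1
}

# kasan_uaf_count FILE: print the number of KASAN use-after-free reports in FILE
# (newer kernels write "slab-use-after-free", so both spellings are matched).
kasan_uaf_count() {
    grep -Ec 'BUG: KASAN: (slab-)?use-after-free' "$1" || true
}

# exposure MODULES_FILE MODPROBE_DIR: one-word summary of the driver state.
exposure() {
    if module_loaded "$1"; then
        echo loaded      # a blacklist entry does not unload it; rmmod is still needed
    elif module_blacklisted "$2"; then
        echo blocked
    else
        echo loadable
    fi
}

# make_sample DIR: write constructed fixtures (not captured from a real host).
make_sample() {
    mkdir -p "$1/modprobe.d"
    printf '%s\n' 'spi_zynqmp_gqspi 20480 0 - Live 0x0000000000000000' > "$1/modules"
    printf '%s\n' 'blacklist spi-zynqmp-gqspi' > "$1/modprobe.d/blacklist.conf"
    printf '%s\n' '[ 12.3] BUG: KASAN: use-after-free in sample_fn+0x1c/0x40' > "$1/kern.log"
}

tmp=$(mktemp -d) && make_sample "$tmp"
echo "driver state: $(exposure "$tmp/modules" "$tmp/modprobe.d")"
echo "KASAN UAF reports: $(kasan_uaf_count "$tmp/kern.log")"
```

On a live host, pass /proc/modules, /etc/modprobe.d and a saved copy of the dmesg output to the same functions.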
🔗 References
- https://git.kernel.org/stable/c/1231279389b5e638bc3b66b9741c94077aed4b5a
- https://git.kernel.org/stable/c/23269ac9f123eca3aea7682d3345c02e71ed696c
- https://git.kernel.org/stable/c/a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58
- https://git.kernel.org/stable/c/d67e0d6bd92ebbb0294e7062bbf5cdc773764e62