CVE-2021-47068
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's NFC (Near Field Communication) subsystem. It allows local attackers to potentially crash the kernel or execute arbitrary code by binding two sockets to the same NFC local interface. Only systems with NFC hardware and the NFC subsystem enabled are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, leading to complete system compromise.
Likely Case
Kernel panic or denial of service causing system crash.
If Mitigated
No impact if NFC subsystem is disabled or hardware not present.
🎯 Exploit Status
Proof-of-concept code is included in the CVE description. Requires local user access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with fixes from the provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/48fba458fe54cc2a980a05c13e6c19b8b2cfb610
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For RHEL/CentOS: yum update kernel. 3. For Ubuntu/Debian: apt update && apt upgrade linux-image. 4. Reboot system.
🔧 Temporary Workarounds
Disable NFC subsystem
linuxRemove NFC kernel module if not needed
rmmod nfc
echo 'blacklist nfc' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Disable NFC hardware in BIOS/UEFI if possible
- Restrict local user access to systems with NFC hardware
🔍 How to Verify
Check if Vulnerable:
Check kernel version against distribution security advisories. Check if NFC module is loaded: lsmod | grep nfcCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and NFC module version matches patched kernel. Check dmesg for no related crashes.📡 Detection & Monitoring
Log Indicators:
- Kernel oops or panic messages in dmesg/syslog related to nfc or llcp_sock
Network Indicators:
- Unusual NFC socket activity from local users
SIEM Query:
source="kernel" AND ("nfc" OR "llcp_sock" OR "use-after-free")🔗 References
- https://git.kernel.org/stable/c/18175fe17ae043a0b81e5d511f8817825784c299
- https://git.kernel.org/stable/c/18ae4a192a4496e48a5490b52812645d2413307c
- https://git.kernel.org/stable/c/26157c82ba756767b2bd66d28a71b1bc454447f6
- https://git.kernel.org/stable/c/374cdde4dcc9c909a60713abdbbf96d5e3e09f91
- https://git.kernel.org/stable/c/48fba458fe54cc2a980a05c13e6c19b8b2cfb610
- https://git.kernel.org/stable/c/6b7021ed36dabf29e56842e3408781cd3b82ef6e
- https://git.kernel.org/stable/c/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
- https://git.kernel.org/stable/c/ccddad6dd28530e716448e594c9ca7c76ccd0570
- https://git.kernel.org/stable/c/e32352070bcac22be6ed8ab635debc280bb65b8c
- https://git.kernel.org/stable/c/18175fe17ae043a0b81e5d511f8817825784c299
- https://git.kernel.org/stable/c/18ae4a192a4496e48a5490b52812645d2413307c
- https://git.kernel.org/stable/c/26157c82ba756767b2bd66d28a71b1bc454447f6
- https://git.kernel.org/stable/c/374cdde4dcc9c909a60713abdbbf96d5e3e09f91
- https://git.kernel.org/stable/c/48fba458fe54cc2a980a05c13e6c19b8b2cfb610
- https://git.kernel.org/stable/c/6b7021ed36dabf29e56842e3408781cd3b82ef6e
- https://git.kernel.org/stable/c/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
- https://git.kernel.org/stable/c/ccddad6dd28530e716448e594c9ca7c76ccd0570
- https://git.kernel.org/stable/c/e32352070bcac22be6ed8ab635debc280bb65b8c
