CVE-2021-47135
📋 TL;DR
This CVE-2021-47135 is an array out-of-bounds vulnerability in the mt7921 wireless driver in the Linux kernel. It could allow local attackers to cause denial of service or potentially execute arbitrary code by triggering the bug in the rate reporting function. Systems using affected Linux kernel versions with mt7921 wireless hardware are vulnerable.
💻 Affected Systems
- Linux kernel with mt76 wireless driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.
Likely Case
Kernel panic or system crash causing denial of service, requiring reboot.
If Mitigated
Minimal impact if proper kernel hardening and privilege separation are in place.
🎯 Exploit Status
Requires local access and ability to trigger the specific wireless driver function. No public exploit code has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 6919e8a24e70b6ba148fe07f44f835bcdd1a8d02 and d874e6c06952382897d35bf4094193cd44ae91bd
Vendor Advisory: https://git.kernel.org/stable/c/6919e8a24e70b6ba148fe07f44f835bcdd1a8d02
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. For distributions: Use package manager to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable mt7921 wireless module
linuxPrevent loading of vulnerable wireless driver if not needed
echo 'blacklist mt7921e' >> /etc/modprobe.d/blacklist.conf
rmmod mt7921e
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable kernel
- Implement strict privilege separation and limit user capabilities
🔍 How to Verify
Check if Vulnerable:
Check if mt7921 driver is loaded: lsmod | grep mt7921. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and check that mt7921 driver version includes the fix commits.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- OOPs messages related to mt7921 driver
- System crash/reboot events
Network Indicators:
- Unusual wireless interface behavior
SIEM Query:
source="kernel" AND ("mt7921" OR "OOPs" OR "kernel panic")