CVE-2021-47253
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's AMD display driver (drm/amd/display). During system suspend/resume cycles, the DMUB hardware initialization function incorrectly reallocates memory instead of reusing existing allocations, causing gradual memory exhaustion. This affects Linux systems with AMD graphics hardware using the affected kernel versions.
💻 Affected Systems
- Linux kernel with AMD display driver (drm/amd/display)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System becomes unresponsive or crashes due to memory exhaustion after repeated suspend/resume cycles, potentially leading to denial of service and data loss.
Likely Case
Gradual performance degradation over time as available memory decreases, eventually requiring system reboot to restore normal operation.
If Mitigated
Minor performance impact during suspend/resume operations with no memory leak accumulation.
🎯 Exploit Status
Exploitation is straightforward but requires physical or privileged access to trigger suspend/resume cycles. No remote exploitation vector exists.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel commits: 9e8c2af010463197315fa54a6c17e74988b5259c, aa000f828e60ac15d6340f606ec4a673966f5b0b, c5699e2d863f58221044efdc3fa712dd32d55cde
Vendor Advisory: https://git.kernel.org/stable/c/9e8c2af010463197315fa54a6c17e74988b5259c
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits. 2. Check your distribution's security advisories for backported patches. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable suspend/resume functionality
linuxPrevent the vulnerable code path from being triggered by disabling system suspend features.
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
Disable AMD display driver
linuxRemove or blacklist the affected driver module if AMD graphics are not essential.
echo 'blacklist amdgpu' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
🧯 If You Can't Patch
- Monitor system memory usage and schedule regular reboots to clear accumulated memory leaks.
- Implement strict access controls to prevent unauthorized users from triggering suspend/resume cycles.
🔍 How to Verify
Check if Vulnerable:
Check kernel version and whether it contains the vulnerable commits: 'uname -r' and examine kernel source or distribution security advisories.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated beyond the fix commits and monitor memory usage during suspend/resume cycles for stability.📡 Detection & Monitoring
Log Indicators:
- Increasing memory usage in /var/log/syslog or dmesg after suspend/resume events
- OOM killer messages in kernel logs
Network Indicators:
- None - this is a local memory management issue
SIEM Query:
source="kernel" AND ("Out of memory" OR "oom-killer" OR "suspend" OR "resume")🔗 References
- https://git.kernel.org/stable/c/9e8c2af010463197315fa54a6c17e74988b5259c
- https://git.kernel.org/stable/c/aa000f828e60ac15d6340f606ec4a673966f5b0b
- https://git.kernel.org/stable/c/c5699e2d863f58221044efdc3fa712dd32d55cde
- https://git.kernel.org/stable/c/9e8c2af010463197315fa54a6c17e74988b5259c
- https://git.kernel.org/stable/c/aa000f828e60ac15d6340f606ec4a673966f5b0b
- https://git.kernel.org/stable/c/c5699e2d863f58221044efdc3fa712dd32d55cde
