Login Sign Up

CVE-2021-47280

7.0 HIGH
Denial of Service

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's Direct Rendering Manager (DRM) subsystem. Attackers could potentially exploit this to cause kernel crashes (denial of service) or possibly execute arbitrary code with kernel privileges. Systems running vulnerable Linux kernel versions with DRM enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly listed in CVE description, but patches are available for multiple stable branches
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires DRM subsystem to be enabled and accessible. Systems without DRM or with restricted access to DRM interfaces may not be vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.

🟠

Likely Case

Kernel crash causing denial of service, requiring system reboot to restore functionality.

🟢

If Mitigated

Minimal impact if proper access controls prevent unprivileged users from accessing DRM interfaces.

🌐 Internet-Facing: LOW - This vulnerability requires local access to the system's DRM interfaces, which are typically not exposed over networks.
🏢 Internal Only: MEDIUM - Local users or processes with access to DRM interfaces could exploit this vulnerability to crash the kernel.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Syzbot has a reproducible test case. Exploitation requires local access and ability to interact with DRM interfaces.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes: 17dab9326ff263c62dab1dbac4492e2938a049e4 and others listed in references

Vendor Advisory: https://git.kernel.org/stable/c/17dab9326ff263c62dab1dbac4492e2938a049e4

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Restrict DRM device access

linux

Limit access to DRM device files to prevent unprivileged users from exploiting the vulnerability

chmod 600 /dev/dri/card*
chown root:root /dev/dri/card*

Disable unnecessary DRM modules

linux

Remove or blacklist DRM kernel modules if not required for system functionality

echo 'blacklist drm' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u

🧯 If You Can't Patch

  • Implement strict access controls on /dev/dri devices to prevent unauthorized users from accessing DRM interfaces
  • Monitor system logs for kernel panic events or unusual DRM-related activity

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare against patched versions from kernel.org stable branches

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version matches or exceeds patched versions: uname -r and check commit hashes if available

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Oops messages in dmesg or /var/log/kern.log
  • DRM-related crash reports

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "use-after-free") AND "drm"

📊 Metadata

CVE ID: CVE-2021-47280
CVSS v3 Score: 7.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-367
Published: May 21, 2024
Last Updated: December 24, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47280, you might also want to check these:

CVE-2026-25641 10.0

CVE-2026-25641 is a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attack...

Same vulnerability type (CWE-367)
CVE-2025-64180 10.0

A critical TOCTOU vulnerability in Manager accounting software allows attackers to bypass DNS valida...

Same vulnerability type (CWE-367)
CVE-2025-13032 9.9

A double fetch vulnerability in the sandbox kernel driver of Avast/AVG Antivirus on Windows allows l...

Same vulnerability type (CWE-367)