CVE-2021-47311
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's EMAC network driver that allows attackers to potentially execute arbitrary code or cause denial of service. It affects Linux systems using the Qualcomm EMAC network interface. The vulnerability occurs when the driver incorrectly frees network device resources before cleaning up associated data structures.
💻 Affected Systems
- Linux kernel with EMAC driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains kernel-level code execution, leading to full system compromise, privilege escalation, or persistent backdoor installation.
Likely Case
Kernel panic or system crash causing denial of service, potentially requiring physical access or reboot to restore functionality.
If Mitigated
System remains stable with no impact if patched or if EMAC driver is not in use.
🎯 Exploit Status
Requires local access and knowledge of kernel exploitation techniques. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 11e9d163d631198bb3eb41a677a61b499516c0f7, 2b70ca92847c619d6264c7372ef74fcbfd1e048c, 4d04a42b926e682140776e54188f4a44f1f01a81, 8a225a6e07a57a1538d53637cb3d82bd3e477839, ad297cd2db8953e2202970e9504cab247b6c7cb4
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check with your distribution's package manager for available kernel updates. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable EMAC driver
linuxPrevent loading of the vulnerable EMAC driver module
echo 'blacklist emac' >> /etc/modprobe.d/blacklist.conf
rmmod emac
🧯 If You Can't Patch
- Restrict local access to affected systems using SELinux/AppArmor or user privilege controls
- Monitor system logs for kernel panics or unusual driver behavior
🔍 How to Verify
Check if Vulnerable:
Check if EMAC driver is loaded: lsmod | grep emac AND check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and EMAC driver loads without errors📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- EMAC driver crash logs in dmesg
- System crash/reboot events
Network Indicators:
- None - local exploitation only
SIEM Query:
search 'kernel panic' OR 'emac' OR 'use-after-free' in system logs🔗 References
- https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7
- https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c
- https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81
- https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839
- https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247b6c7cb4
- https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d
- https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833
- https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7
- https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c
- https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81
- https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839
- https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247b6c7cb4
- https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d
- https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833
