CVE-2021-47313
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's cpufreq CPPC driver. When the cpufreq policy initialization fails, allocated resources aren't properly freed, leading to gradual memory exhaustion. This affects all Linux systems using the CPPC CPU frequency scaling driver.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to complete system memory exhaustion, causing kernel panics, system crashes, or denial of service through resource starvation.
Likely Case
Gradual memory consumption over time leading to performance degradation, application failures, or system instability requiring reboots.
If Mitigated
With proper memory limits and monitoring, impact is limited to performance degradation rather than complete system failure.
🎯 Exploit Status
Exploitation requires ability to trigger cpufreq policy initialization failures, typically requiring local access or kernel-level control.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits: b775383355755885b19d2acef977f1ca132e80a3, e1b2b2b61d30d7ce057ec17237c217d152ed97f2, fe2535a44904a77615a3af8e8fd7dafb98fb0e1b
Vendor Advisory: https://git.kernel.org/stable/c/b775383355755885b19d2acef977f1ca132e80a3
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable CPPC cpufreq driver
linuxTemporarily disable the vulnerable CPPC cpufreq driver if not required
echo 'blacklist acpi_cpufreq' > /etc/modprobe.d/blacklist-cppc.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Implement strict memory limits and monitoring for kernel memory usage
- Restrict local user access and monitor for abnormal memory consumption patterns
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if CPPC driver is loaded: 'uname -r' and 'lsmod | grep acpi_cpufreq'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check git commit history for fix commits📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Memory allocation failures in kernel logs
- System performance degradation logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("oom" OR "memory allocation failure" OR "cpufreq")🔗 References
- https://git.kernel.org/stable/c/b775383355755885b19d2acef977f1ca132e80a3
- https://git.kernel.org/stable/c/e1b2b2b61d30d7ce057ec17237c217d152ed97f2
- https://git.kernel.org/stable/c/fe2535a44904a77615a3af8e8fd7dafb98fb0e1b
- https://git.kernel.org/stable/c/b775383355755885b19d2acef977f1ca132e80a3
- https://git.kernel.org/stable/c/e1b2b2b61d30d7ce057ec17237c217d152ed97f2
- https://git.kernel.org/stable/c/fe2535a44904a77615a3af8e8fd7dafb98fb0e1b
