CVE-2021-47323

8.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's sc520_wdt watchdog driver allows potential memory corruption when the module is unloaded. This affects Linux systems using the SC520 watchdog timer hardware. Attackers with local access could potentially escalate privileges or cause denial of service.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with sc520_wdt driver before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if sc520_wdt module is loaded (typically requires specific AMD SC520 hardware or manual loading)

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to kernel-level access, potentially leading to full system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case: Kernel panic or system crash causing denial of service, requiring physical or remote console access to reboot.

🟢 If Mitigated: Limited to denial of service if kernel hardening features like KASLR and SMAP/SMEP are enabled and effective.

🌐 Internet-Facing: LOW - Requires local access to trigger, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers or malicious insiders could exploit this for privilege escalation or DoS attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to load/unload kernel modules. Timing window for exploitation is narrow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 0015581a79bbf8e521f85dddb7d3e4a66b9f51d4 or later

Vendor Advisory: https://git.kernel.org/stable/c/0015581a79bbf8e521f85dddb7d3e4a66b9f51d4

Restart Required: Yes

Instructions:

1. Update kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify sc520_wdt module is not loaded if not needed.

🔧 Temporary Workarounds

Disable sc520_wdt module

linux

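Prevent loading of the vulnerable kernel module. The blacklist line stops automatic loading only; an explicit modprobe sc520_wdt still loads the module. The rmmod step runs the unload path where the flaw lies, so on an unpatched kernel unload the module once and do not reload it.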

echo 'blacklist sc520_wdt' >> /etc/modprobe.d/blacklist.conf
rmmod sc520_wdt

Restrict module loading

linux

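Prevent unauthorized kernel module operations. Once this is set to 1, modules can be neither loaded nor unloaded and the value cannot be set back to 0 until reboot; the sysctl -w form does not persist across a reboot.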

sysctl -w kernel.modules_disabled=1

🧯 If You Can't Patch

  • Ensure sc520_wdt module is not loaded (check with lsmod).
  • Implement strict access controls to prevent local users from loading/unloading kernel modules.

🔍 How to Verify

Check if Vulnerable:

Check if sc520_wdt module is loaded: lsmod | grep sc520_wdt. If loaded and kernel version is unpatched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check that the kernel version includes the fix commits or is newer than the vulnerable versions. Verify that the sc520_wdt module uses del_timer_sync() in wdt_turnoff().
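
The checks above combined into one script, added here as an example and not taken from the advisory or the kernel project. It goes slightly beyond the page by telling a plain blacklist entry apart from an install override; the function names, the status words and that override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the advisory's or the kernel project's code. File paths are
# parameters so the checks also work on files collected from another host.

# sc520_exposure [proc_modules] [modprobe_dir] [modules_disabled]
# Prints: loaded | locked | blocked | blacklist-only | loadable
sc520_exposure() {
    mods=${1:-/proc/modules}
    confdir=${2:-/etc/modprobe.d}
    lock=${3:-/proc/sys/kernel/modules_disabled}

    # The first field of each /proc/modules line is the module name.
    if awk '$1 == "sc520_wdt" { hit = 1 } END { exit !hit }' "$mods" 2>/dev/null; then
        echo loaded; return 0
    fi
    # modules_disabled=1: no module can be loaded or unloaded until reboot.
    if [ "$(cat "$lock" 2>/dev/null)" = "1" ]; then
        echo locked; return 0
    fi
    # An "install <module> /bin/false" override (assumed hardening, not on the
    # page) also stops an explicit modprobe; "blacklist" only stops autoloading.
    if cat "$confdir"/*.conf 2>/dev/null |
        grep -Eq '^[[:space:]]*install[[:space:]]+sc520[_-]wdt[[:space:]]+/(usr/)?bin/(false|true)'; then
        echo blocked; return 0
    fi
    if cat "$confdir"/*.conf 2>/dev/null |
        grep -Eq '^[[:space:]]*blacklist[[:space:]]+sc520[_-]wdt([[:space:]]|$)'; then
        echo blacklist-only; return 0
    fi
    echo loadable
}

# sc520_source_fixed <sc520_wdt.c>: succeeds when the body of wdt_turnoff()
# calls del_timer_sync() (spelled timer_delete_sync() in newer trees).
sc520_source_fixed() {
    awk '
        /wdt_turnoff *\(/ && !/;/ { in_fn = 1 }
        in_fn && /(del_timer_sync|timer_delete_sync) *\(/ { ok = 1 }
        in_fn && /^}/ { in_fn = 0 }
        END { exit !ok }
    ' "$1"
}

# Report this host's state when the script is run directly.
sc520_exposure
```

Only the directory passed as the second argument is searched; modprobe also reads /lib/modprobe.d and /run/modprobe.d, so run the check against each of them when auditing a host.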

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crashes/panics after module operations
  • Audit logs showing module loading/unloading

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("sc520_wdt" OR "use-after-free" OR "general protection fault")
