CVE-2021-47327

7.1 HIGH

📋 TL;DR

This vulnerability is a reference count leak in the ARM SMMU (System Memory Management Unit) driver in the Linux kernel. When the arm_smmu_rpm_get() function fails, it doesn't properly decrement the reference count, potentially causing resource exhaustion and system instability. This affects systems using ARM processors with SMMU hardware running vulnerable Linux kernel versions.
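The leak pattern described above, as a user-space model added here for illustration (not kernel code and not taken from the fix commits). The names `fake_dev`, `get_sync`, `rpm_get_leaky`, `rpm_get_balanced` and `run_caller` are hypothetical, and the model assumes the underlying get takes its reference before the resume attempt, as the kernel's pm_runtime_get_sync() does.

```c
#include <stdio.h>

/* Hypothetical stand-in for a device with a runtime-PM usage counter. */
struct fake_dev {
    int usage_count;   /* references currently held */
    int resume_fails;  /* non-zero: the resume attempt always fails */
};

/* Models a "get" that takes its reference first and keeps it even when
 * the resume fails (the semantics of pm_runtime_get_sync()). */
static int get_sync(struct fake_dev *d)
{
    d->usage_count++;
    return d->resume_fails ? -1 : 0;
}

static void put(struct fake_dev *d) { d->usage_count--; }
/* Leaky wrapper: reports the error but leaves the reference in place. */
static int rpm_get_leaky(struct fake_dev *d) { return get_sync(d); }

/* Balanced wrapper: drops the reference again when the resume failed. */
static int rpm_get_balanced(struct fake_dev *d)
{
    int ret = get_sync(d);
    if (ret < 0)
        put(d);
    return ret;
}

/* Caller pattern: bail out on error, put only after a successful get.
 * Returns the usage count left behind after `calls` attempts. */
static int run_caller(int (*rpm_get)(struct fake_dev *), int fails, int calls)
{
    struct fake_dev d = { 0, fails };
    for (int i = 0; i < calls; i++) {
        if (rpm_get(&d) < 0)
            continue;   /* error path: caller assumes nothing is held */
        put(&d);        /* success path: matching put */
    }
    return d.usage_count;
}

int main(void)
{
    printf("leaky, resume fails:    %d\n", run_caller(rpm_get_leaky, 1, 1000));
    printf("balanced, resume fails: %d\n", run_caller(rpm_get_balanced, 1, 1000));
    printf("leaky, resume works:    %d\n", run_caller(rpm_get_leaky, 0, 1000));
    return 0;
}
```

The counter only drifts on the failing path, which is why the leak stays invisible while resumes succeed.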

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with the vulnerable ARM SMMU driver code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with ARM processors using SMMU hardware. The vulnerability is in the driver code path, not in default configurations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: System crash or denial of service due to resource exhaustion, potentially leading to kernel panic and complete system unavailability.

🟠 Likely Case: Gradual system degradation, memory leaks, and eventual system instability requiring reboot.

🟢 If Mitigated: Minimal impact with proper monitoring and resource limits in place.

🌐 Internet-Facing: LOW - This is a kernel-level driver issue requiring local access or ability to trigger specific hardware operations.
🏢 Internal Only: MEDIUM - Could be exploited by malicious local users or through other vulnerabilities to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires triggering the specific error path in the arm_smmu_rpm_get() function, which may require specific hardware conditions or driver operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits: 1adf30f198c26539a62d761e45af72cde570413d, 3761ae0d0e549f2acdaf11f49df4ed06d256b20f, c4007596fbdabc29f858dc2e1990858a146b60b2, fbf4daa6f4105e01fbd3868006f65c163365c1e3, fe92c058199067ae90cf2a901ddf3c271893557a

Vendor Advisory: https://git.kernel.org/stable/c/1adf30f198c26539a62d761e45af72cde570413d

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable ARM SMMU driver

linux

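Unload and blacklist the vulnerable driver module if the SMMU is not required. This works only where the driver is built as a loadable module; a driver compiled into the kernel cannot be removed with modprobe.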

modprobe -r arm_smmu
echo 'blacklist arm_smmu' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Monitor system memory and resource usage for unusual patterns
  • Implement strict access controls to limit who can trigger driver operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if it contains the vulnerable code by examining kernel source or checking distribution security advisories.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version includes the fix commits, or check with the distribution's security update verification tools.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • Memory allocation failures in kernel logs
  • System instability logs

SIEM Query:

source="kernel" AND ("arm_smmu" OR "SMMU" OR "memory management") AND (error OR fail OR panic)
