CVE-2021-47329

6.2 MEDIUM

📋 TL;DR

This CVE describes a resource leak vulnerability in the Linux kernel's megaraid_sas driver. When the driver fails during PCI device probe, it doesn't properly clean up allocated resources, potentially leading to system instability or denial of service. Systems using Linux kernels with the vulnerable megaraid_sas driver are affected.

💻 Affected Systems

Products:
  • Linux kernel with megaraid_sas driver
Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using LSI MegaRAID SAS controllers with the megaraid_sas driver loaded.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: System crash or kernel panic due to resource exhaustion, leading to complete denial of service.

🟠 Likely Case: System instability, performance degradation, or partial denial of service affecting storage operations.

🟢 If Mitigated: Minimal impact with proper kernel updates and system monitoring.

🌐 Internet-Facing: LOW - This is a local kernel driver issue requiring physical or privileged access.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or through compromised accounts with kernel access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires kernel-level access and specific driver failure conditions

Exploitation requires triggering the driver probe failure scenario, which may be difficult to achieve reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the git commits referenced in the CVE

Vendor Advisory: https://git.kernel.org/stable/c/04b6b9ea80906e3b41ff120b45db31768947cf72

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable megaraid_sas module (Linux)

Prevent loading of the vulnerable driver if the MegaRAID controller is not needed:

echo 'blacklist megaraid_sas' >> /etc/modprobe.d/blacklist.conf
rmmod megaraid_sas

🧯 If You Can't Patch

  • Monitor system logs for driver probe failures and resource exhaustion warnings
  • Implement strict access controls to prevent unauthorized kernel module loading

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if megaraid_sas module is loaded: lsmod | grep megaraid_sas

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check dmesg for clean driver initialization
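
As an added example (not from the original page or the kernel project), the shell function below combines the module check above with the workaround: it reports whether megaraid_sas is loaded and whether a modprobe.d rule blocks it. The function name and its two path arguments are assumptions; a `blacklist` line only stops automatic loading, while an `install megaraid_sas /bin/false` rule also blocks an explicit modprobe.

```shell
#!/bin/sh
# Added example: report megaraid_sas exposure on a host.
# megaraid_status [MODULES_FILE] [MODPROBE_DIR]
# Both arguments are hypothetical overrides so the check can also be run
# against copies of /proc/modules and /etc/modprobe.d taken from another host.

megaraid_status() {
    modules_file="${1:-/proc/modules}"
    modprobe_dir="${2:-/etc/modprobe.d}"
    loaded=no
    blacklisted=no
    install_blocked=no

    # /proc/modules lists one module per line; the first field is its name.
    if awk '$1 == "megaraid_sas" { found = 1 } END { exit !found }' \
        "$modules_file" 2>/dev/null; then
        loaded=yes
    fi

    for f in "$modprobe_dir"/*.conf; do
        [ -f "$f" ] || continue
        # "blacklist" stops alias-based autoloading only; an explicit
        # "modprobe megaraid_sas" still succeeds.
        if grep -Eq '^[[:space:]]*blacklist[[:space:]]+megaraid[_-]sas([[:space:]]|$)' "$f"; then
            blacklisted=yes
        fi
        # "install <module> /bin/false" makes modprobe run that command
        # instead of loading the module, so explicit loads fail as well.
        if grep -Eq '^[[:space:]]*install[[:space:]]+megaraid[_-]sas[[:space:]]+/(usr/)?bin/(false|true)' "$f"; then
            install_blocked=yes
        fi
    done

    echo "loaded=$loaded blacklisted=$blacklisted install_blocked=$install_blocked"
}
```

Run `megaraid_status` with no arguments on the host, next to `uname -r`. If it still reports `loaded=yes` after the workaround, `rmmod` did not succeed, which happens when the controller is in use.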

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • Driver probe failure logs in dmesg
  • Resource allocation failure messages

Network Indicators:

  • None - this is a local kernel issue

SIEM Query:

Search for 'megaraid_sas' AND ('probe failed' OR 'resource leak' OR 'kernel panic') in system logs
