CVE-2021-47331 – A race condition in the Linux kernel's USB conn... (How to Fix)

Q: What is the severity of CVE-2021-47331?

CVE-2021-47331 has a CVSS score of 5.5 (MEDIUM). A race condition in the Linux kernel's USB connector GPIO driver causes a NULL pointer dereference when an OTG cable is connected during system boot. This vulnerability can cause kernel panics or system crashes, affecting all Linux systems using the affected USB driver code.

📋 TL;DR

A race condition in the Linux kernel's USB connector GPIO driver causes a NULL pointer dereference when an OTG cable is connected during system boot. This vulnerability can cause kernel panics or system crashes, affecting all Linux systems using the affected USB driver code.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions with the vulnerable usb-conn-gpio driver code (specific commit range)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires systems with USB OTG functionality and the usb-conn-gpio driver enabled. Embedded systems and IoT devices with USB ports are particularly affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical access to reboot the system.

🟠

Likely Case

System crash or instability when connecting USB OTG devices during boot process, requiring reboot to restore functionality.

🟢

If Mitigated

Minor system instability that self-recovers or requires manual intervention to restart affected USB services.

🌐 Internet-Facing: LOW - This is a local hardware interaction vulnerability requiring physical USB device connection.

🏢 Internal Only: MEDIUM - Internal users with physical access could cause denial of service by connecting OTG cables during boot.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires physical access to connect an OTG cable during system boot. No authentication or network access needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with fixes from commits: 1a133a0996d6b4c83509d570ed4edcba34c44f25, 436906fd248e018403bcda61a9311d9af02912f1, 880287910b1892ed2cb38977893b947382a09d21, 8e8d910e9a3a7fba86140aff4924c30955ab228b

Vendor Advisory: https://git.kernel.org/stable/c/1a133a0996d6b4c83509d570ed4edcba34c44f25

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable USB OTG functionality

linux

Prevent the vulnerable code path by disabling USB OTG support in kernel configuration

echo 'blacklist usb-conn-gpio' > /etc/modprobe.d/disable-usb-conn-gpio.conf
update-initramfs -u
reboot

Delay USB initialization

linux

Add boot delay to ensure charger registration completes before USB interrupts

Add 'usbcore.autosuspend_delay_ms=2000' to kernel boot parameters in /etc/default/grub
update-grub
reboot

🧯 If You Can't Patch

Restrict physical access to USB ports on critical systems
Implement boot monitoring to detect and alert on system crashes from USB events

🔍 How to Verify

Check if Vulnerable:

Check if usb-conn-gpio module is loaded: lsmod | grep usb_conn_gpio AND check kernel version against affected ranges

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched AND test OTG cable connection during boot without system crash

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in /var/log/kern.log or dmesg
NULL pointer dereference errors mentioning usb_conn_gpio or charger
System crash/reboot events coinciding with USB device connection

Network Indicators:

None - this is a local hardware vulnerability

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kernel panic") AND ("usb" OR "charger" OR "OTG")

📊 Metadata

CVE ID: CVE-2021-47331

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: May 21, 2024

Last Updated: December 24, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47331, you might also want to check these: