CVE-2021-47338

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's framebuffer subsystem (fbmem). It allows attackers with local access to potentially execute arbitrary code or crash the system by deleting video modes that are still in use. Any system running an affected Linux kernel version is vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires framebuffer device access. Systems without framebuffer devices or with restricted permissions may be less vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.

🟠 Likely Case

Kernel panic or system crash causing denial of service.

🟢 If Mitigated

Limited impact if proper access controls prevent untrusted users from accessing framebuffer devices.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local users or processes could exploit this, but requires framebuffer access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and framebuffer device permissions. The vulnerability is in kernel-space code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 087bff9acd2ec6db3f61aceb3224bde90fe0f7f8, 0af778269a522c988ef0b4188556aba97fb420cc, 359311b85ebec7c07c3a08ae2f3def946cad33fa, d6e76469157d8f240e5dec6f8411aa8d306b1126, f193509afc7ff37a46862610c93b896044d5b693

Vendor Advisory: https://git.kernel.org/stable/c/087bff9acd2ec6db3f61aceb3224bde90fe0f7f8

Restart Required: Yes

Instructions:

1. Update Linux kernel to a version containing the fix commits.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Restrict framebuffer device access

linux

Limit access to framebuffer devices (/dev/fb*) to trusted users only.

chmod 600 /dev/fb*
chown root:root /dev/fb*

🧯 If You Can't Patch

  • Restrict framebuffer device permissions to root only
  • Disable framebuffer devices if not needed

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and compare it with your distribution's patched versions. The system is vulnerable if it runs a kernel that predates the fix commits.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version includes the fix commits or is newer than your distribution's patched version.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN use-after-free reports in dmesg
  • System crashes related to framebuffer

Network Indicators:

  • None - local vulnerability

SIEM Query:

Search for kernel panic events or use-after-free errors in system logs
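
The log indicators above, turned into a filter (an added example, not from the original advisory or the kernel project): it scans kernel log text for KASAN use-after-free reports and keeps those whose faulting symbol is in framebuffer code. The `fb_`/`fbcon_` prefix check, the function names `fb_uaf_hits` and `sample_kernel_log`, and the sample log lines are assumptions constructed for illustration; KASAN reports only appear on kernels built with CONFIG_KASAN.

```bash
#!/usr/bin/env bash
# Added example: flag KASAN use-after-free reports that point at framebuffer
# code. Input is kernel log text, e.g. `dmesg | fb_uaf_hits` or
# `journalctl -k | fb_uaf_hits`, or one or more saved log files as arguments.

# Prints "<function> <log line number>" for every matching report.
# Accepts both the "use-after-free" and "slab-use-after-free" wording.
fb_uaf_hits() {
    awk '
        /BUG: KASAN: (slab-)?use-after-free in / {
            sym = $0
            sub(/.*use-after-free in /, "", sym)  # "func+0x../0x.. [path]"
            fn = sym
            sub(/\+.*/, "", fn)                   # bare function name
            # Assumption: framebuffer code is recognised by the fb_/fbcon_
            # symbol prefix or by a drivers/video/fbdev/ source path.
            if (fn ~ /^(fb_|fbcon_)/ || sym ~ /drivers\/video\/fbdev\//)
                print fn, NR
        }
    ' "$@"
}

# Constructed sample log (offsets, addresses and task names are made up).
sample_kernel_log() {
    cat <<'EOF'
[  101.100000] BUG: KASAN: use-after-free in fb_mode_is_equal+0x12/0x34
[  101.100100] Read of size 4 at addr ffff888000000000 by task demo/1234
[  205.000000] BUG: KASAN: use-after-free in example_net_rx+0x10/0x20
[  300.000000] BUG: KASAN: slab-use-after-free in example_helper+0x5/0x9 drivers/video/fbdev/core/example.c:1
[  400.000000] fb0: unrelated framebuffer message
EOF
}

# Stand-alone run on the constructed sample.
sample_kernel_log | fb_uaf_hits
```

A hit means a KASAN report landed in framebuffer code, not that this specific CVE was triggered; confirm against the installed kernel's patch level.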
