Login Sign Up

CVE-2021-47356

7.7 HIGH
Denial of Service

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's mISDN subsystem allows potential memory corruption when the HFC_cleanup() function is called during module removal. This affects Linux systems using the mISDN module for ISDN telephony services. Attackers could potentially exploit this to crash the system or execute arbitrary code with kernel privileges.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected kernel versions not specified in CVE, but vulnerability exists in unpatched versions with mISDN support.
Operating Systems: Linux distributions with mISDN support
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if mISDN module is loaded. Most systems don't load this module by default as it's for ISDN telephony hardware.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic, system crash, or arbitrary code execution with kernel privileges leading to complete system compromise.

🟠

Likely Case

System instability, kernel panic, or denial of service when the mISDN module is loaded/unloaded.

🟢

If Mitigated

No impact if mISDN module is not loaded or system is patched.

🌐 Internet-Facing: LOW - Requires local access or ability to load/unload kernel modules.
🏢 Internal Only: MEDIUM - Could be exploited by users with sufficient privileges to manipulate kernel modules.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger module removal or timer manipulation. Likely requires local access and kernel module loading privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commit 009fc857c5f6fda81f2f7dd851b2d54193a8e733 or later

Vendor Advisory: https://git.kernel.org/stable/c/009fc857c5f6fda81f2f7dd851b2d54193a8e733

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. Reboot system. 3. Verify mISDN module is not loaded if not needed.

🔧 Temporary Workarounds

Unload mISDN module

linux

Remove the vulnerable module if not required for system functionality

sudo rmmod mISDN
sudo modprobe -r mISDN

Blacklist mISDN module

linux

Prevent mISDN module from loading automatically

echo 'blacklist mISDN' | sudo tee /etc/modprobe.d/blacklist-misdn.conf

🧯 If You Can't Patch

  • Ensure mISDN module is not loaded (check with 'lsmod | grep mISDN')
  • Restrict kernel module loading to authorized users only

🔍 How to Verify

Check if Vulnerable:

Check if mISDN module is loaded: 'lsmod | grep -i mISDN'

Check Version:

uname -r

Verify Fix Applied:

Check kernel version contains fix commit: 'uname -r' and verify with distribution patch notes

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • System crashes when loading/unloading modules
  • mISDN module load/unload events in system logs

Network Indicators:

  • None - local vulnerability

SIEM Query:

EventID=41 OR Source='kernel' AND (Message LIKE '%panic%' OR Message LIKE '%mISDN%')

📊 Metadata

CVE ID: CVE-2021-47356
CVSS v3 Score: 7.7 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE: CWE-416
Published: May 21, 2024
Last Updated: April 2, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47356, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)