CVE-2021-47358
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's greybus UART driver. It allows attackers to potentially execute arbitrary code or cause denial of service by exploiting improper reference counting when user space holds a tty open indefinitely. Systems using affected Linux kernel versions with greybus UART functionality are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, potentially leading to complete system compromise.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
Limited impact with proper kernel hardening and minimal greybus usage.
🎯 Exploit Status
Requires local access and knowledge of greybus UART usage. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 4dc56951a8d9d61d364d346c61a5f1d70b4f5e14 and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify kernel version post-reboot.
🔧 Temporary Workarounds
Disable greybus UART module
linuxPrevent loading of vulnerable greybus UART driver
echo 'blacklist gb-uart' >> /etc/modprobe.d/blacklist.conf
rmmod gb-uart
🧯 If You Can't Patch
- Restrict local user access to systems with greybus functionality
- Implement strict kernel module loading policies
🔍 How to Verify
Check if Vulnerable:
Check if greybus UART module is loaded: lsmod | grep gb-uartCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and greybus UART functions properly📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes related to tty or greybus
Network Indicators:
- None - local exploit only
SIEM Query:
Search for kernel panic logs or unexpected system reboots on greybus-enabled systems🔗 References
- https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14
- https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f
- https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d
- https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39431b44f
- https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1
- https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69
- https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6
- https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14
- https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f
- https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d
- https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39431b44f
- https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1
- https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69
- https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6
