CVE-2021-47360 – A race condition vulnerability in the Linux ker... (How to Fix)

Q: What is the severity of CVE-2021-47360?

CVE-2021-47360 has a CVSS score of 5.5 (MEDIUM). A race condition vulnerability in the Linux kernel's binder driver could cause file descriptors to remain open indefinitely, potentially leading to process hangs or resource exhaustion. This affects Linux systems using the Android binder IPC mechanism, primarily impacting Android devices and Linux servers with binder enabled.

📋 TL;DR

A race condition vulnerability in the Linux kernel's binder driver could cause file descriptors to remain open indefinitely, potentially leading to process hangs or resource exhaustion. This affects Linux systems using the Android binder IPC mechanism, primarily impacting Android devices and Linux servers with binder enabled.

💻 Affected Systems

Products:

Linux kernel with binder driver

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions with binder enabled, Android

Default Config Vulnerable: ⚠️ Yes

Notes: Primarily affects Android devices and Linux systems with binder IPC enabled; binder is Android-specific but can be compiled into standard Linux kernels.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Process hangs leading to denial of service, potential resource exhaustion attacks, and system instability requiring reboot.

🟠

Likely Case

Intermittent process hangs affecting binder-dependent applications, reduced system reliability.

🟢

If Mitigated

Minimal impact with proper kernel patching; binder is typically restricted to specific contexts.

🌐 Internet-Facing: LOW - Binder IPC is typically internal to system processes and not directly exposed to network interfaces.

🏢 Internal Only: MEDIUM - Could affect system stability and application functionality on affected systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to trigger binder operations; race condition exploitation requires precise timing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits: 5fdb55c1ac9585eb23bb2541d5819224429e103d, aa2c274c279ff365a06a4cba263f04965895166e, b95483d8d94b41fa31a84c1d86710b7907a37621, d5b0473707fa53b03a5db0256ce62b2874bddbc7

Vendor Advisory: https://git.kernel.org/stable/c/5fdb55c1ac9585eb23bb2541d5819224429e103d

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For Android devices, apply vendor security updates. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable binder driver

linux

Remove or disable binder IPC if not required

modprobe -r binder
echo 'blacklist binder' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

Restrict access to binder interface using SELinux/AppArmor policies
Monitor system for process hangs and resource exhaustion

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if binder module is loaded: 'lsmod | grep binder' and 'uname -r'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: 'git log --oneline | grep -E "(5fdb55c1|aa2c274c|b95483d8|d5b04737)"'

📡 Detection & Monitoring

Log Indicators:

Process hangs in binder-related processes
File descriptor exhaustion warnings in kernel logs

Network Indicators:

None - local vulnerability only

SIEM Query:

Process monitoring for binder processes showing abnormal termination or resource usage

📊 Metadata

CVE ID: CVE-2021-47360

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-252

Published: May 21, 2024

Last Updated: May 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47360, you might also want to check these: