CVE-2021-47361
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's mcb_alloc_bus() function. If exploited, it could allow local attackers to crash the system or potentially execute arbitrary code with kernel privileges. This affects Linux systems with the MCB (Memory Controller Bridge) subsystem enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, leading to complete system compromise and potential lateral movement.
Likely Case
Kernel panic or system crash causing denial of service, requiring system reboot.
If Mitigated
Limited impact if exploit fails or system has kernel hardening protections like KASLR and SMEP/SMAP enabled.
🎯 Exploit Status
Requires local access and ability to trigger the specific error path in mcb_alloc_bus(). Exploit would need to bypass kernel protections.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable releases referenced in the CVE links
Vendor Advisory: https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable MCB subsystem
linuxPrevent loading of vulnerable MCB module if not required
echo 'blacklist mcb' > /etc/modprobe.d/blacklist-mcb.conf
rmmod mcb
🧯 If You Can't Patch
- Restrict local access to trusted users only
- Implement kernel hardening features like KASLR, SMEP, SMAP, and stack canaries
🔍 How to Verify
Check if Vulnerable:
Check if MCB module is loaded: lsmod | grep mcb. Check kernel version against patched releases.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to patched version and MCB module functions correctly if needed.📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes/panics
- MCB-related error messages in dmesg
Network Indicators:
- None - local exploit only
SIEM Query:
Search for kernel panic events or MCB module loading failures🔗 References
- https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f
- https://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952cb6dbae
- https://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b
- https://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0
- https://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea
- https://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0
- https://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499
- https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f
- https://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952cb6dbae
- https://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b
- https://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0
- https://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea
- https://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0
- https://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499
