CVE-2021-47380
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the AMD SFH (Sensor Fusion Hub) driver in the Linux kernel. The vulnerability occurs when devm_add_action_or_reset() triggers amd_mp2_pci_remove() before data structures are properly initialized, potentially causing kernel crashes or system instability. This affects Linux systems with AMD SFH hardware support.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially allowing local privilege escalation if combined with other vulnerabilities.
Likely Case
System instability or crash when AMD SFH hardware is present and the vulnerable driver is loaded, requiring physical access or local user privileges to trigger.
If Mitigated
Minimal impact with proper access controls and updated kernel versions.
🎯 Exploit Status
Exploitation requires local access and specific conditions to trigger the NULL pointer dereference. No public exploits have been documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 283e4bee701dfcd409dd293f19a268bb2bc8ff38 or d46ef750ed58cbeeba2d9a55c99231c30a172764
Vendor Advisory: https://git.kernel.org/stable/c/283e4bee701dfcd409dd293f19a268bb2bc8ff38
Restart Required: Yes
Instructions:
1. Update Linux kernel to a version containing the fix commits.
2. Reboot the system to load the patched kernel.
3. Verify the kernel version and that the fix is applied.
🔧 Temporary Workarounds
Disable AMD SFH driver
Prevent loading of the vulnerable amd_sfh driver module (platform: linux)
echo 'blacklist amd_sfh' >> /etc/modprobe.d/blacklist.conf
rmmod amd_sfh
Restrict local access
Limit local user access to systems with vulnerable kernels (platform: all)
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges
- Monitor systems for kernel crashes or instability related to AMD SFH hardware
🔍 How to Verify
Check if Vulnerable:
Check if the amd_sfh module is loaded: lsmod | grep amd_sfh. If loaded, check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
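/proc/version holds only the release string and build details, not commit IDs, so searching it for the fix commits never matches. Assuming a local clone of the stable kernel tree, list the release tags that contain a fix commit and compare them with the running release from uname -r: git tag --contains 283e4bee701dfcd409dd293f19a268bb2bc8ff38 (repeat for d46ef750ed58cbeeba2d9a55c99231c30a172764). For a distribution kernel, check the package changelog for the backported fix.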
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors related to amd_sfh
Network Indicators:
- No network indicators - local vulnerability only
SIEM Query:
source="kern.log" AND "NULL pointer dereference" AND "amd_sfh"
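A kernel oops report spans several log lines: the "NULL pointer dereference" text sits on the BUG line, while the module appears in brackets on the later RIP and stack-frame lines, so a match that needs both strings in one line can miss the event when each line is ingested separately. The following added example (not part of the original page) groups each report and flags those with a frame inside amd_sfh; the log lines are constructed samples and find_amd_sfh_oopses is a hypothetical name.

```python
import re

# Constructed sample kernel log (not captured from a real system).
SAMPLE_LOG = """\
kernel: [   12.345678] BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: [   12.345690] #PF: supervisor read access in kernel mode
kernel: [   12.345700] Modules linked in: amd_sfh(+) other_drv
kernel: [   12.345720] RIP: 0010:amd_mp2_pci_remove+0x1a/0x40 [amd_sfh]
kernel: [   12.345800] ---[ end trace 0000000000000000 ]---
kernel: [  310.000000] BUG: kernel NULL pointer dereference, address: 0000000000000010
kernel: [  310.000010] Modules linked in: amd_sfh other_drv
kernel: [  310.000020] RIP: 0010:other_remove+0x8/0x20 [other_drv]
kernel: [  310.000090] ---[ end trace 0000000000000000 ]---
kernel: [  400.000000] amd_sfh: sensor hub initialised
"""

BUG_RE = re.compile(r"BUG: kernel NULL pointer dereference")
END_RE = re.compile(r"---\[ end trace")
# RIP and stack-frame lines name the module in brackets: "func+0x1a/0x40 [amd_sfh]".
FRAME_RE = re.compile(r"(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[amd_sfh\]")


def find_amd_sfh_oopses(lines, window=60):
    """Return [(bug_line_no, [functions seen in amd_sfh frames])] per oops report."""
    hits, start, frames = [], None, []
    for no, line in enumerate(lines, 1):
        if BUG_RE.search(line):
            if start is not None and frames:  # previous report never closed
                hits.append((start, frames))
            start, frames = no, []
            continue
        if start is None:
            continue  # outside an oops report: a bare module mention is ignored
        m = FRAME_RE.search(line)
        if m:
            frames.append(m.group(1))
        if END_RE.search(line) or no - start >= window:
            if frames:
                hits.append((start, frames))
            start = None
    if start is not None and frames:  # log truncated in the middle of a report
        hits.append((start, frames))
    return hits


if __name__ == "__main__":
    for line_no, funcs in find_amd_sfh_oopses(SAMPLE_LOG.splitlines()):
        print(f"line {line_no}: NULL dereference with amd_sfh frames: {', '.join(funcs)}")
```

The "Modules linked in" line lists every loaded module, so the second report is not flagged even though amd_sfh is named there.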