CVE-2021-47385
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's w83792d hardware monitoring driver. When specific conditions are met during device reading, the driver attempts to access a pointer that hasn't been properly initialized, causing a kernel crash. This affects systems using the w83792d hardware monitoring chip with vulnerable kernel versions.
💻 Affected Systems
- Linux kernel with w83792d hardware monitoring driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical reboot of affected systems.
Likely Case
System instability or crash when the hardware monitoring driver attempts to read specific values from the w83792d chip.
If Mitigated
No impact if the vulnerable driver is not loaded or the specific hardware is not present.
🎯 Exploit Status
Exploitation requires local access and specific hardware conditions. The vulnerability was found through static analysis rather than active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 0f36b88173f028e372668ae040ab1a496834d278 and related commits
Vendor Advisory: https://git.kernel.org/stable/c/0f36b88173f028e372668ae040ab1a496834d278
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commit. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable w83792d module
linuxPrevent loading of the vulnerable driver module
echo 'blacklist w83792d' >> /etc/modprobe.d/blacklist.conf
rmmod w83792d
🧯 If You Can't Patch
- Ensure proper access controls to prevent unauthorized local access to systems
- Monitor systems for kernel crashes or instability related to hardware monitoring
🔍 How to Verify
Check if Vulnerable:
Check if w83792d module is loaded: lsmod | grep w83792d AND check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commit or check with distribution-specific security tools📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in kernel logs
- System crash/reboot events
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "w83792d" OR "kernel panic")🔗 References
- https://git.kernel.org/stable/c/0f36b88173f028e372668ae040ab1a496834d278
- https://git.kernel.org/stable/c/1499bb2c3a87a2efea0065adab2bd66badee61c3
- https://git.kernel.org/stable/c/200ced5ba724d8bbf29dfac4ed1e17a39ccaccd1
- https://git.kernel.org/stable/c/24af1fe376e22c42238a4a604d31e46c486876c3
- https://git.kernel.org/stable/c/0f36b88173f028e372668ae040ab1a496834d278
- https://git.kernel.org/stable/c/1499bb2c3a87a2efea0065adab2bd66badee61c3
- https://git.kernel.org/stable/c/200ced5ba724d8bbf29dfac4ed1e17a39ccaccd1
- https://git.kernel.org/stable/c/24af1fe376e22c42238a4a604d31e46c486876c3
