CVE-2021-47404
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's HID betop driver allows attackers to write beyond allocated memory boundaries. This affects Linux systems using the hid-betopff driver when malicious USB HID devices are connected. Attackers could potentially execute arbitrary code or crash the kernel.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel privilege escalation leading to full system compromise, arbitrary code execution with kernel privileges, or persistent denial of service.
Likely Case
Kernel panic or system crash when a malicious USB device is connected, causing temporary denial of service.
If Mitigated
No impact if the vulnerable driver is not loaded or malicious USB devices are prevented from connecting.
🎯 Exploit Status
Exploitation requires physical access to connect a malicious USB device or the ability to load a malicious driver module. No public exploits are known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 1c83c38dec83d57bc18d0c01d82c413d3b34ccb9, 1e4ce418b1cb1a810256b5fb3fd33d22d1325993, 6fc4476dda58f6c00097c7ddec3b772513f57525, 708107b80aa616976d1c5fa60ac0c1390749db5e, a4faa7153b87fbcfe4be15f4278676f79ca6e019
Vendor Advisory: https://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check distribution security advisories for backported patches.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Blacklist hid-betopff driver
Prevent loading of vulnerable driver module
echo 'blacklist hid-betopff' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
Disable USB device auto-loading
Make modprobe run /bin/true instead of loading the listed modules (usb-storage and hid-betopff)
echo 'install usb-storage /bin/true' >> /etc/modprobe.d/disable-usb.conf
echo 'install hid-betopff /bin/true' >> /etc/modprobe.d/disable-usb.conf
🧯 If You Can't Patch
- Physically restrict USB port access to prevent malicious device connections
- Implement USB device whitelisting policies to only allow authorized devices
🔍 How to Verify
Check if Vulnerable:
Check if hid-betopff module is loaded: lsmod | grep hid_betopff
Check Version:
uname -r
Verify Fix Applied:
Check kernel version against patched versions or verify driver is blacklisted
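The two checks above (module loaded, driver blacklisted) can be combined into one status report. This is an added example, not part of the original advisory; the function names are hypothetical, and the modprobe.d directory and module list are passed as arguments so the check can also run against copies of those files.

```shell
#!/bin/sh
# Added example: report whether the hid-betopff workaround is in effect.

# modprobe treats '-' and '_' in module names as the same character.
norm() { printf '%s' "$1" | tr '-' '_'; }

# Print the strongest modprobe.d rule found for module $1 in directory $2:
# "install" (install <mod> /bin/true|/bin/false), "blacklist", or "none".
modprobe_policy() {
    mod=$(norm "$1"); dir=${2:-/etc/modprobe.d}; result=none
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # "|| [ -n "$verb" ]" keeps a final line that lacks a newline.
        while read -r verb name rest || [ -n "$verb" ]; do
            case $verb in '#'*|'') continue ;; esac
            [ "$(norm "$name")" = "$mod" ] || continue
            case $verb in
                install)
                    case $rest in /bin/true*|/bin/false*) result=install ;; esac ;;
                blacklist)
                    [ "$result" = install ] || result=blacklist ;;
            esac
        done < "$f"
    done
    printf '%s\n' "$result"
}

# Succeed if module $1 is listed in $2 (default /proc/modules, same data as lsmod).
module_loaded() {
    mod=$(norm "$1"); list=${2:-/proc/modules}
    while read -r name rest; do
        [ "$name" = "$mod" ] && return 0
    done < "$list"
    return 1
}

# Combine both checks. $1 = modprobe.d directory, $2 = module list file.
betopff_status() {
    policy=$(modprobe_policy hid-betopff "$1")
    if module_loaded hid-betopff "$2"; then
        echo "loaded: driver is active now (policy: $policy); unload it or reboot"
        return
    fi
    case $policy in
        install)   echo "blocked: modprobe runs the install override instead of loading" ;;
        blacklist) echo "partial: alias autoload is off, explicit modprobe still works" ;;
        *)         echo "exposed: no rule found, driver can load when a matching device is attached" ;;
    esac
}
```

Calling betopff_status with no arguments checks /etc/modprobe.d and /proc/modules on the running system.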
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes after USB device connection
- dmesg errors mentioning hid-betopff or slab corruption
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
source="kernel" AND ("hid-betopff" OR "slab-out-of-bounds" OR "general protection fault")
🔗 References
- https://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9
- https://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d1325993
- https://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525
- https://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e
- https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019
- https://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914
- https://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee
- https://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550