CVE-2021-47420

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's AMDKFD (Kernel Fusion Driver) component. When user-space memory is mapped for DMA operations, the kernel fails to free allocated scatter-gather (SG) memory structures, leading to gradual memory exhaustion. This affects systems using AMD GPUs with the amdgpu driver and KFD enabled.

💻 Affected Systems

Products:
  • Linux kernel with AMDKFD driver
Versions: Linux kernel versions with the vulnerable code (specific commit range between the fix commits)
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AMD GPU with amdgpu driver and KFD enabled; typical in AMD GPU compute/workstation systems.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.

🟠 Likely Case

Gradual memory consumption over time leading to performance degradation and eventual system instability requiring reboot.

🟢 If Mitigated

Minimal impact with proper monitoring and memory limits in place; system remains functional but may experience performance issues.

🌐 Internet-Facing: LOW - Requires local access or ability to execute code on the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or compromised applications could trigger the memory leak, affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger DMA mapping operations through the KFD interface; typically requires local access or compromised application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 7e5ce6029b627efb4a004746cfdc1eeff850e6eb and b072ef1215aca33186e3a10109e872e528a9e516 applied

Vendor Advisory: https://git.kernel.org/stable/c/7e5ce6029b627efb4a004746cfdc1eeff850e6eb

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable KFD module

Prevent loading of the vulnerable kernel module if AMD GPU compute features are not required

echo 'blacklist amdkfd' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Monitor system memory usage closely for abnormal consumption patterns
  • Implement process memory limits and restart services using AMD GPU compute features periodically

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the amdkfd module is loaded: 'uname -r' and 'lsmod | grep amdkfd'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or is newer than vulnerable versions; check 'dmesg | grep -i kfd' for errors

📡 Detection & Monitoring

Log Indicators:

  • Kernel OOM (Out of Memory) messages in dmesg
  • Increasing memory usage without corresponding process allocation

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("out of memory" OR "oom") AND process="kfd"
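
Added example (not part of the original advisory): a POSIX shell check for the "increasing memory usage without corresponding process allocation" indicator and the monitoring advice under "If You Can't Patch". It compares two /proc/meminfo snapshots on a host where KFD is present; the use of SUnreclaim as the leak signal, the 256 MiB threshold, the function names and the sample data are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumption: leaked kernel allocations
# show up as growth in SUnreclaim (unreclaimable slab) in /proc/meminfo.

# Print the value in kB of one /proc/meminfo field. $1 = field, $2 = snapshot file
meminfo_kb() {
    awk -v f="$1:" '$1 == f { print $2; found = 1 } END { if (!found) exit 1 }' "$2"
}

# SUnreclaim growth in kB between two snapshots. $1 = earlier, $2 = later
sunreclaim_growth_kb() {
    before=$(meminfo_kb SUnreclaim "$1") || return 2
    after=$(meminfo_kb SUnreclaim "$2") || return 2
    echo $((after - before))
}

# KFD is in use when its module is loaded and the /dev/kfd node exists.
# Current kernels build KFD into amdgpu; older ones had a separate amdkfd module.
# $1 = saved `lsmod` output, $2 = device path (normally /dev/kfd)
kfd_present() {
    grep -Eq '^(amdgpu|amdkfd)[[:space:]]' "$1" && [ -e "$2" ]
}

# Prints not-applicable, error, ok:<kB> or suspect:<kB>.
# $1 = lsmod file, $2 = device path, $3 = earlier, $4 = later, $5 = threshold kB
leak_verdict() {
    kfd_present "$1" "$2" || { echo "not-applicable"; return 0; }
    growth=$(sunreclaim_growth_kb "$3" "$4") || { echo "error"; return 0; }
    if [ "$growth" -ge "$5" ]; then echo "suspect:$growth"; else echo "ok:$growth"; fi
}

# Constructed sample inputs (not captured from a real host). $1 = output dir
make_samples() {
    printf 'Module      Size  Used by\namdgpu   9400320  21\n' > "$1/lsmod.txt"
    printf 'Slab:  1200000 kB\nSUnreclaim:  410000 kB\n' > "$1/before.txt"
    printf 'Slab:  2010000 kB\nSUnreclaim:  1234000 kB\n' > "$1/after.txt"
    : > "$1/kfd"   # stand-in for /dev/kfd
}

# Demo on the constructed data; on a real host pass files made with
# `lsmod > lsmod.txt` and `cat /proc/meminfo > before.txt`, and /dev/kfd.
d=$(mktemp -d)
make_samples "$d"
leak_verdict "$d/lsmod.txt" "$d/kfd" "$d/before.txt" "$d/after.txt" 262144
rm -rf "$d"
```

A "suspect" verdict only says unreclaimable slab grew past the threshold between the two snapshots; it does not attribute the growth to KFD, so treat it as a prompt to schedule the kernel update or a restart window.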
