CVE-2021-47422
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's Nouveau graphics driver. When specific file operations are performed, the driver fails to properly release allocated memory, causing gradual resource exhaustion. This affects systems using the open-source Nouveau driver for NVIDIA graphics cards.
💻 Affected Systems
- Linux kernel with Nouveau driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel panic/crash.
Likely Case
Gradual memory consumption over time leading to performance degradation and eventual system instability requiring reboot.
If Mitigated
Minimal impact with proper monitoring and memory limits in place; system remains functional but may experience performance issues.
🎯 Exploit Status
Requires local access and ability to trigger specific file operations in the Nouveau driver; not trivial to exploit for privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the git commits referenced in the CVE
Vendor Advisory: https://git.kernel.org/stable/c/0b3d4945cc7e7ea1acd52cb06dfa83bfe265b6d5
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Rebuild kernel if compiling from source. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable Nouveau driver
linuxBlacklist Nouveau module and use proprietary NVIDIA driver instead
echo 'blacklist nouveau' >> /etc/modprobe.d/blacklist-nouveau.conf
update-initramfs -u
reboot
Limit memory usage
linuxSet memory limits for processes using cgroups to contain potential memory exhaustion
cgcreate -g memory:limited_group
echo '100M' > /sys/fs/cgroup/memory/limited_group/memory.limit_in_bytes
🧯 If You Can't Patch
- Monitor system memory usage closely for unusual consumption patterns
- Implement process isolation and resource limits for users/processes accessing graphics functions
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if Nouveau driver is loaded: 'lsmod | grep nouveau' and 'uname -r'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated beyond vulnerable commits and Nouveau driver functions normally📡 Detection & Monitoring
Log Indicators:
- Kernel OOM (Out of Memory) messages in dmesg
- Gradually increasing memory usage in system logs
- Process crashes related to graphics operations
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("out of memory" OR "OOM" OR "memory allocation failure") AND process="nouveau"🔗 References
- https://git.kernel.org/stable/c/0b3d4945cc7e7ea1acd52cb06dfa83bfe265b6d5
- https://git.kernel.org/stable/c/0b4e9fc14973a94ac0520f19b3633493ae13c912
- https://git.kernel.org/stable/c/65fff0a8efcdca8d84ffe3e23057c3b32403482d
- https://git.kernel.org/stable/c/0b3d4945cc7e7ea1acd52cb06dfa83bfe265b6d5
- https://git.kernel.org/stable/c/0b4e9fc14973a94ac0520f19b3633493ae13c912
- https://git.kernel.org/stable/c/65fff0a8efcdca8d84ffe3e23057c3b32403482d
