CVE-2021-47456
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's peak_pci CAN bus driver that occurs during module removal. When exploited, it allows local attackers to potentially execute arbitrary code or cause denial of service. Systems using the peak_pci driver with vulnerable kernel versions are affected.
💻 Affected Systems
- Linux kernel peak_pci CAN bus driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
Limited impact if proper access controls prevent local users from loading/unloading kernel modules.
🎯 Exploit Status
Requires local access and ability to load/unload kernel modules. Exploitation would require crafting specific memory conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the referenced git commits (0e5afdc2315b0737edcf55bede4ee1640d2d464d and others)
Vendor Advisory: https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify peak_pci module loads correctly if needed.
🔧 Temporary Workarounds
Disable peak_pci module loading
linuxPrevent loading of vulnerable peak_pci driver module
echo 'blacklist peak_pci' >> /etc/modprobe.d/blacklist-peak_pci.conf
rmmod peak_pci
Restrict module loading
linuxPrevent unauthorized users from loading/unloading kernel modules
sysctl -w kernel.modules_disabled=1
chmod 700 /sbin/modprobe
🧯 If You Can't Patch
- Restrict local user access to systems using peak_pci driver
- Implement strict module loading policies and monitor for unauthorized module operations
🔍 How to Verify
Check if Vulnerable:
Check if peak_pci module is loaded: lsmod | grep peak_pci. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated beyond vulnerable versions. Test peak_pci module removal: modprobe -r peak_pci (if loaded).📡 Detection & Monitoring
Log Indicators:
- KASAN use-after-free reports in kernel logs
- BUG: KASAN: use-after-free in peak_pci_remove
- System crashes or kernel panics during module operations
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND "peak_pci_remove" AND ("use-after-free" OR "KASAN")🔗 References
- https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d
- https://git.kernel.org/stable/c/1248582e47a9f7ce0ecd156c39fc61f8b6aa3699
- https://git.kernel.org/stable/c/1c616528ba4aeb1125a06b407572ab7b56acae38
- https://git.kernel.org/stable/c/28f28e4bc3a5e0051faa963f10b778ab38c1db69
- https://git.kernel.org/stable/c/34914971bb3244db4ce2be44e9438a9b30c56250
- https://git.kernel.org/stable/c/447d44cd2f67a20b596ede3ca3cd67086dfd9ca9
- https://git.kernel.org/stable/c/949fe9b35570361bc6ee2652f89a0561b26eec98
- https://git.kernel.org/stable/c/adbda14730aacce41c0d3596415aa39ad63eafd9
- https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d
- https://git.kernel.org/stable/c/1248582e47a9f7ce0ecd156c39fc61f8b6aa3699
- https://git.kernel.org/stable/c/1c616528ba4aeb1125a06b407572ab7b56acae38
- https://git.kernel.org/stable/c/28f28e4bc3a5e0051faa963f10b778ab38c1db69
- https://git.kernel.org/stable/c/34914971bb3244db4ce2be44e9438a9b30c56250
- https://git.kernel.org/stable/c/447d44cd2f67a20b596ede3ca3cd67086dfd9ca9
- https://git.kernel.org/stable/c/949fe9b35570361bc6ee2652f89a0561b26eec98
- https://git.kernel.org/stable/c/adbda14730aacce41c0d3596415aa39ad63eafd9
