CVE-2021-47483
📋 TL;DR
A double-free memory corruption vulnerability in the Linux kernel's regmap subsystem that could lead to system crashes or potential privilege escalation. This affects Linux systems using specific hardware drivers that utilize the regmap framework for device register access.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation if an attacker can trigger the double-free and execute arbitrary code.
Likely Case
System crash or kernel panic causing denial of service when the vulnerable code path is triggered during device initialization or operation.
If Mitigated
No impact if the vulnerable code path is not triggered or if systems are properly patched.
🎯 Exploit Status
Exploitation requires triggering specific error conditions during device initialization, making reliable exploitation challenging.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with the fix from the provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/55e6d8037805b3400096d621091dfbf713f97e83
Restart Required: Yes
Instructions:
1. Update Linux kernel to a version containing the fix. 2. Check your distribution's security advisories for specific patched kernel versions. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable affected hardware modules
linuxPrevent loading of hardware drivers that use the vulnerable regmap framework
modprobe -r madera_spi
echo 'blacklist madera_spi' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict access to hardware interfaces that could trigger the vulnerable code path
- Implement strict process isolation and privilege separation to limit impact if exploitation occurs
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if it's before the patched versions referenced in the git commitsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to a version containing one of the fix commits📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN double-free reports in dmesg
- System crash logs
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
search 'KASAN: double-free' OR 'regcache_rbtree_exit' in kernel logs🔗 References
- https://git.kernel.org/stable/c/1cead23c1c0bc766dacb900a3b0269f651ad596f
- https://git.kernel.org/stable/c/36e911a16b377bde0ad91a8c679069d0d310b1a6
- https://git.kernel.org/stable/c/3dae1a4eced3ee733d7222e69b8a55caf2d61091
- https://git.kernel.org/stable/c/50cc1462a668dc62949a1127388bc3af785ce047
- https://git.kernel.org/stable/c/55e6d8037805b3400096d621091dfbf713f97e83
- https://git.kernel.org/stable/c/758ced2c3878ff789801e6fee808e185c5cf08d6
- https://git.kernel.org/stable/c/e72dce9afbdbfa70d9b44f5908a50ff6c4858999
- https://git.kernel.org/stable/c/fc081477b47dfc3a6cb50a96087fc29674013fc2
- https://git.kernel.org/stable/c/1cead23c1c0bc766dacb900a3b0269f651ad596f
- https://git.kernel.org/stable/c/36e911a16b377bde0ad91a8c679069d0d310b1a6
- https://git.kernel.org/stable/c/3dae1a4eced3ee733d7222e69b8a55caf2d61091
- https://git.kernel.org/stable/c/50cc1462a668dc62949a1127388bc3af785ce047
- https://git.kernel.org/stable/c/55e6d8037805b3400096d621091dfbf713f97e83
- https://git.kernel.org/stable/c/758ced2c3878ff789801e6fee808e185c5cf08d6
- https://git.kernel.org/stable/c/e72dce9afbdbfa70d9b44f5908a50ff6c4858999
- https://git.kernel.org/stable/c/fc081477b47dfc3a6cb50a96087fc29674013fc2
