CVE-2021-47499
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's KXCJK-1013 accelerometer driver. When the ACPI type is ACPI_SMO8500, memory allocated for triggered buffers isn't properly freed, causing gradual memory exhaustion. This affects Linux systems using the kxcjk_1013 driver with specific ACPI configurations.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service through resource depletion.
Likely Case
Gradual memory leak over time leading to degraded system performance and potential kernel panics or OOM killer activation.
If Mitigated
Minimal impact with proper monitoring and memory limits in place; system remains functional but may experience performance degradation.
🎯 Exploit Status
Exploitation requires specific hardware configuration (ACPI_SMO8500) and local access; memory leak occurs during normal driver operation rather than through malicious input.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel commits listed in references
Vendor Advisory: https://git.kernel.org/stable/c/14508fe13b1c578b3d2ba574f1d48b351975860c
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits. 2. Check your distribution's security advisories for backported patches. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable kxcjk_1013 driver
linuxPrevent loading of the vulnerable driver module
echo 'blacklist kxcjk_1013' >> /etc/modprobe.d/blacklist.conf
rmmod kxcjk_1013
Disable ACPI_SMO8500 support
linuxPrevent the specific ACPI configuration that triggers the vulnerability
Add 'acpi=off' or specific ACPI blacklisting to kernel boot parameters
🧯 If You Can't Patch
- Monitor system memory usage and implement alerting for abnormal memory consumption
- Implement kernel memory limits and restart services if memory usage exceeds thresholds
🔍 How to Verify
Check if Vulnerable:
Check if kxcjk_1013 module is loaded and system has ACPI_SMO8500: lsmod | grep kxcjk_1013 && dmesg | grep -i smo8500Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or check /sys/module/kxcjk_1013/taint for no memory leak indicators📡 Detection & Monitoring
Log Indicators:
- Kernel OOM messages
- Increasing memory usage in /proc/meminfo
- dmesg entries about memory allocation failures
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("Out of memory" OR "oom-killer" OR "slab allocation failure")🔗 References
- https://git.kernel.org/stable/c/14508fe13b1c578b3d2ba574f1d48b351975860c
- https://git.kernel.org/stable/c/3899700ddacbf7aaafadf44464fff3ff0d4e3307
- https://git.kernel.org/stable/c/60a55b9d91ba99eb8cf015bc46dc2de05e168a15
- https://git.kernel.org/stable/c/70c9774e180d151abaab358108e3510a8e615215
- https://git.kernel.org/stable/c/8c163a14277115ca962103910ab4cce55e862ffb
- https://git.kernel.org/stable/c/8c1d43f3a3fc7184c42d7398bdf59a2a2903e4fc
- https://git.kernel.org/stable/c/a3730f74159ad00a28960c0efe2a931fe6fe6b45
- https://git.kernel.org/stable/c/ee86d0bad80bdcd11a87e188a596727f41b62320
- https://git.kernel.org/stable/c/14508fe13b1c578b3d2ba574f1d48b351975860c
- https://git.kernel.org/stable/c/3899700ddacbf7aaafadf44464fff3ff0d4e3307
- https://git.kernel.org/stable/c/60a55b9d91ba99eb8cf015bc46dc2de05e168a15
- https://git.kernel.org/stable/c/70c9774e180d151abaab358108e3510a8e615215
- https://git.kernel.org/stable/c/8c163a14277115ca962103910ab4cce55e862ffb
- https://git.kernel.org/stable/c/8c1d43f3a3fc7184c42d7398bdf59a2a2903e4fc
- https://git.kernel.org/stable/c/a3730f74159ad00a28960c0efe2a931fe6fe6b45
- https://git.kernel.org/stable/c/ee86d0bad80bdcd11a87e188a596727f41b62320
