CVE-2021-47520
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's CAN (Controller Area Network) subsystem affecting the pch_can driver. It allows attackers with local access to potentially crash the system or execute arbitrary code by exploiting memory corruption after network packet processing. Systems using the pch_can driver for CAN bus communication are affected.
💻 Affected Systems
- Linux kernel with pch_can driver enabled
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, potentially leading to full system compromise and persistence.
Likely Case
Kernel panic or system crash causing denial of service, potentially requiring physical access to restart.
If Mitigated
Limited to denial of service if exploit attempts are detected and blocked by security controls.
🎯 Exploit Status
Requires local access and knowledge of kernel exploitation techniques. No public exploits known as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 3a3c46e2eff0577454860a203be1a8295f4acb76, 3e193ef4e0a3f5bf92ede83ef214cb09d01b00aa, 6c73fc931658d8cbc8a1714b326cb31eb71d16a7, 703dde112021c93d6e89443c070e7dbd4dea612e, 94cddf1e9227a171b27292509d59691819c458db
Vendor Advisory: https://git.kernel.org/stable/c/94cddf1e9227a171b27292509d59691819c458db
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable pch_can driver
linuxPrevent loading of the vulnerable driver module
echo 'blacklist pch_can' >> /etc/modprobe.d/blacklist.conf
rmmod pch_can
🧯 If You Can't Patch
- Restrict local access to systems using pch_can driver
- Implement kernel hardening measures like SELinux/AppArmor to limit impact
🔍 How to Verify
Check if Vulnerable:
Check if pch_can module is loaded: lsmod | grep pch_can. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Check that pch_can module functions normally after update.📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes/panics
- CAN subsystem errors in dmesg
Network Indicators:
- Unusual CAN bus traffic patterns
SIEM Query:
Search for kernel panic events or module loading failures related to pch_can🔗 References
- https://git.kernel.org/stable/c/3a3c46e2eff0577454860a203be1a8295f4acb76
- https://git.kernel.org/stable/c/3e193ef4e0a3f5bf92ede83ef214cb09d01b00aa
- https://git.kernel.org/stable/c/6c73fc931658d8cbc8a1714b326cb31eb71d16a7
- https://git.kernel.org/stable/c/703dde112021c93d6e89443c070e7dbd4dea612e
- https://git.kernel.org/stable/c/94cddf1e9227a171b27292509d59691819c458db
- https://git.kernel.org/stable/c/abb4eff3dcd2e583060082a18a8dbf31f02689d4
- https://git.kernel.org/stable/c/affbad02bf80380a7403885b9fe4a1587d1bb4f3
- https://git.kernel.org/stable/c/bafe343a885c70dddf358379cf0b2a1c07355d8d
- https://git.kernel.org/stable/c/3a3c46e2eff0577454860a203be1a8295f4acb76
- https://git.kernel.org/stable/c/3e193ef4e0a3f5bf92ede83ef214cb09d01b00aa
- https://git.kernel.org/stable/c/6c73fc931658d8cbc8a1714b326cb31eb71d16a7
- https://git.kernel.org/stable/c/703dde112021c93d6e89443c070e7dbd4dea612e
- https://git.kernel.org/stable/c/94cddf1e9227a171b27292509d59691819c458db
- https://git.kernel.org/stable/c/abb4eff3dcd2e583060082a18a8dbf31f02689d4
- https://git.kernel.org/stable/c/affbad02bf80380a7403885b9fe4a1587d1bb4f3
- https://git.kernel.org/stable/c/bafe343a885c70dddf358379cf0b2a1c07355d8d
