CVE-2021-47522

5.5 MEDIUM

📋 TL;DR

This CVE describes a null pointer dereference vulnerability in the Linux kernel's HID bigbenff driver. When emulating the device through uhid, the driver may attempt to access a null report_field pointer, potentially causing a kernel panic or system crash. This affects Linux systems using the bigbenff HID driver.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected kernel versions not specified in CVE; check kernel commit history for exact range
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires bigbenff HID driver to be loaded and uhid device emulation; not all systems may have this configuration.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or system instability.

🟠

Likely Case

System crash or kernel panic when specific HID device emulation conditions are met, resulting in denial of service.

🟢

If Mitigated

Minimal impact with proper kernel hardening and privilege separation; system may log warnings but remain stable.

🌐 Internet-Facing: LOW - Requires local access or specific device emulation; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could potentially trigger the vulnerability to cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires specific conditions with uhid device emulation; local access likely needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 58f15f5ae7786c824868f3a7e093859b74669ce7, 6272b17001e6fdcf7b4a16206287010a1523fa6e, 8e0ceff632f48175ec7fb4706129c55ca8a7c7bd, 918aa1ef104d286d16b9e7ef139a463ac7a296f0

Vendor Advisory: https://git.kernel.org/stable/c/58f15f5ae7786c824868f3a7e093859b74669ce7

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Check kernel commit includes fixes.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable bigbenff module

linux

Prevent loading of vulnerable HID driver module

# The driver is built as hid-bigbenff.ko, so the module name is hid_bigbenff
echo 'blacklist hid_bigbenff' >> /etc/modprobe.d/blacklist.conf
rmmod hid_bigbenff

Restrict uhid access

linux

Limit access to uhid device to prevent emulation

# Not persistent: the device node is recreated with default permissions at boot
chmod 600 /dev/uhid
setfacl -m u:root:rw /dev/uhid

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized users from accessing uhid devices
  • Monitor system logs for kernel panic events and implement alerting for potential exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if bigbenff module is loaded: lsmod | grep bigbenff. Check kernel version against patched commits.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: grep -r '58f15f5ae7786c824868f3a7e093859b74669ce7' /usr/src/linux/. Ensure bigbenff module functions without crashes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Oops messages in dmesg
  • System crash logs

Network Indicators:

  • None - local vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "null pointer dereference") AND "bigbenff"
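
The query above matches only when a crash keyword and "bigbenff" appear in the same event, while a kernel oops spans several lines. The script below is an added example, not part of the original advisory: it groups each oops block and counts those whose trace lines reference the driver. The log lines, symbol names and the assumption that each kernel log line is ingested as a separate event are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory). All log lines below are constructed.

# sample_log: constructed kernel log with two NULL-dereference oops blocks;
# only the first faults inside the driver (symbol tagged [hid_bigbenff]).
sample_log() {
    cat <<'EOF'
[  101.000001] usb 1-2: new full-speed USB device number 5 using xhci_hcd
[  212.340001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  212.340010] Oops: 0000 [#1] SMP PTI
[  212.340020] RIP: 0010:example_symbol+0x1a/0x90 [hid_bigbenff]
[  212.340030] Modules linked in: hid_bigbenff uhid
[  212.340040] ---[ end trace 0000000000000000 ]---
[  300.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  300.000010] Oops: 0000 [#2] SMP PTI
[  300.000020] RIP: 0010:other_symbol+0x4/0x20 [other_mod]
[  300.000030] Modules linked in: hid_bigbenff uhid other_mod
[  300.000040] ---[ end trace 0000000000000001 ]---
EOF
}

# count_bigbenff_oops [FILE]: number of oops blocks that fault in bigbenff code.
# Reads FILE, or stdin when no file is given (dmesg or journalctl -k text).
count_bigbenff_oops() {
    awk '
        /BUG: kernel NULL pointer dereference/ {
            if (in_oops && hit) n++      # previous block had no end marker
            in_oops = 1; hit = 0; next
        }
        # "Modules linked in" lists every loaded module, so it proves nothing.
        in_oops && /bigbenff/ && !/Modules linked in/ { hit = 1 }
        in_oops && /---\[ end trace/ { if (hit) n++; in_oops = 0 }
        END { if (in_oops && hit) n++; print n + 0 }
    ' "$@"
}

# count_per_line_matches [FILE]: events a per-line AND query would return.
count_per_line_matches() {
    grep -Ei 'panic|oops|null pointer dereference' "$@" | grep -c 'bigbenff' || true
}

sample_log | count_bigbenff_oops      # oops blocks attributed to the driver
sample_log | count_per_line_matches   # events matched by the per-line query
```

On the constructed log the block-level count finds the driver oops while the per-line count finds nothing, so a SIEM rule for this CVE needs multi-line grouping or a correlation window.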
