CVE-2021-47524
📋 TL;DR
This vulnerability in the Linux kernel's liteuart serial driver allows a minor number leak when device probe operations fail. This could lead to resource exhaustion or denial-of-service conditions affecting systems using this specific serial driver. Only systems with the liteuart driver loaded are affected.
💻 Affected Systems
- Linux kernel with liteuart driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Resource exhaustion leading to system instability or denial-of-service, potentially preventing legitimate serial devices from being allocated minor numbers.
Likely Case
Minor resource leak that accumulates over multiple failed probe attempts, eventually causing device allocation failures for serial ports.
If Mitigated
Minimal impact with proper monitoring and system maintenance; resource leaks would be detected and addressed before causing operational issues.
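The leak pattern described above, modeled in userspace as an added example (not the kernel's liteuart code): a probe routine reserves a minor number and a later step fails. The leaky variant returns without releasing the number, the fixed variant releases it. The pool size `MAX_PORTS` and all function names are assumptions made for illustration.

```c
/* Added illustration: userspace model of a probe path that leaks a minor number
 * on failure. Not liteuart source; MAX_PORTS and all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#define MAX_PORTS 4             /* assumed size of the minor-number pool */
static bool in_use[MAX_PORTS];  /* stands in for the driver's allocator */

static int alloc_minor(void)
{
    for (int i = 0; i < MAX_PORTS; i++)
        if (!in_use[i]) { in_use[i] = true; return i; }
    return -1;                  /* pool exhausted */
}
static void free_minor(int id) { in_use[id] = false; }
/* A probe step that runs after the minor is reserved and may fail. */
static int register_port(bool fail) { return fail ? -1 : 0; }

/* Leaky pattern: the error return skips releasing the minor. */
static int probe_leaky(bool fail)
{
    int id = alloc_minor();
    if (id < 0) return -1;
    if (register_port(fail) < 0) return -1;  /* minor stays reserved */
    return id;
}

/* Fixed pattern: a failure after allocation releases the minor. */
static int probe_fixed(bool fail)
{
    int id = alloc_minor();
    if (id < 0) return -1;
    if (register_port(fail) < 0) { free_minor(id); return -1; }
    return id;
}

/* Fail MAX_PORTS probes from an empty pool, then try one good probe. */
static int retry_after_failures(int (*probe)(bool))
{
    for (int i = 0; i < MAX_PORTS; i++) in_use[i] = false;
    for (int i = 0; i < MAX_PORTS; i++) probe(true);
    return probe(false);        /* minor number, or -1 if none left */
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n", retry_after_failures(probe_leaky),
           retry_after_failures(probe_fixed));
    return 0;
}
```

With the leaky variant, the later valid probe fails because every minor is still held by a probe that never completed; with the fixed variant it receives minor 0.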
🎯 Exploit Status
Requires ability to trigger liteuart probe failures; typically requires local access or specific hardware conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 888fc81107cacd2a4f681bac7bb785cef868214f and dd5e90b16cca8a697cbe17b72e2a5f49291cabb2
Vendor Advisory: https://git.kernel.org/stable/c/888fc81107cacd2a4f681bac7bb785cef868214f
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Check with your distribution for backported patches.
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable liteuart driver
Prevent loading of vulnerable driver if not needed
echo 'blacklist liteuart' >> /etc/modprobe.d/blacklist.conf
rmmod liteuart
🧯 If You Can't Patch
- Monitor /proc/devices for unusual minor number allocation patterns
- Implement system monitoring for resource exhaustion alerts
🔍 How to Verify
Check if Vulnerable:
Check if liteuart driver is loaded: lsmod | grep liteuart. If loaded, check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or check with distribution security updates. Confirm liteuart driver loads without errors.
📡 Detection & Monitoring
Log Indicators:
- Kernel messages about liteuart probe failures
- System logs showing device allocation errors
Network Indicators:
- None - local resource issue only
SIEM Query:
kernel: *liteuart* AND (fail* OR error* OR probe*)