CVE-2021-47525

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free and memory leak vulnerability in the Linux kernel's liteuart serial driver. When unbinding the driver, it fails to properly deregister the port, allowing continued use after driver data release and leaking memory. This affects systems using the liteuart serial driver in the Linux kernel.

💻 Affected Systems

Products:
  • Linux kernel with liteuart driver
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if liteuart driver is loaded and used. Many systems may not use this specific serial driver.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic, system crash, or potential privilege escalation leading to full system compromise if an attacker can trigger the use-after-free condition to execute arbitrary code.

🟠 Likely Case

System instability, kernel crashes, or denial of service due to memory corruption or exhaustion from the memory leak.

🟢 If Mitigated

Limited impact if systems don't use liteuart driver or have proper kernel hardening features enabled.

🌐 Internet-Facing: LOW - Requires local access or specific driver usage; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires local access or physical access to serial ports; could be exploited by malicious local users or through other vulnerabilities.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to unbind the liteuart driver. Exploitation would require triggering the use-after-free condition to achieve code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 05f929b395dec8957b636ff14e66b277ed022ed9 and 602824cf9aa9db8830ffe5cfb2cd54365cada4fe

Vendor Advisory: https://git.kernel.org/stable/c/05f929b395dec8957b636ff14e66b277ed022ed9

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable liteuart driver

linux

Prevent loading of the vulnerable liteuart driver module

echo 'blacklist liteuart' >> /etc/modprobe.d/blacklist-liteuart.conf
rmmod liteuart

Restrict driver unbinding

linux

Limit ability to unbind drivers through sysfs

chmod 440 /sys/bus/platform/drivers/liteuart/unbind

🧯 If You Can't Patch

  • Ensure strict access controls to prevent unauthorized local users from accessing the system
  • Monitor system logs for kernel crashes or memory exhaustion alerts

🔍 How to Verify

Check if Vulnerable:

Check if liteuart driver is loaded: 'lsmod | grep liteuart' and check kernel version against patched versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: 'uname -r' and check with distribution vendor for patch status
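
The check below is an added example, not part of the original advisory or the kernel project. It extends the 'lsmod | grep liteuart' check to the built-in case and to the sysfs driver directory named in the workaround above; the function name liteuart_exposure and its three optional path arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report how the liteuart driver is present on a host.
# Hypothetical helper; all three arguments are optional and exist so the
# check can be pointed at a copy of the files instead of the live system.
#   liteuart_exposure [SYSFS_ROOT] [PROC_MODULES] [MODULES_BUILTIN]
# Returns 1 if the driver is present in any form, 0 if not.
liteuart_exposure() {
    sysfs=${1:-/sys}
    modules=${2:-/proc/modules}
    builtin=${3:-/lib/modules/$(uname -r)/modules.builtin}
    drv="$sysfs/bus/platform/drivers/liteuart"
    present=0

    # Loaded as a module: the case 'lsmod | grep liteuart' detects.
    if [ -r "$modules" ] && grep -q '^liteuart ' "$modules"; then
        echo "module: loaded"; present=1
    fi
    # Built into the kernel image: lsmod prints nothing, and neither the
    # modprobe blacklist nor rmmod applies.
    if [ -r "$builtin" ] && grep -q '/liteuart\.ko$' "$builtin"; then
        echo "module: builtin"; present=1
    fi
    # Registered on the platform bus: list bound devices and unbind mode.
    if [ -d "$drv" ]; then
        present=1; bound=0
        for dev in "$drv"/*; do
            name=${dev##*/}
            # Bound devices are symlinks; "module" links to the module itself.
            if [ -L "$dev" ] && [ "$name" != module ]; then
                echo "bound: $name"; bound=$((bound + 1))
            fi
        done
        echo "bound_count: $bound"
        if [ -e "$drv/unbind" ]; then
            echo "unbind_mode: $(ls -ld "$drv/unbind" | cut -c1-10)"
        fi
    fi
    if [ "$present" -eq 0 ]; then echo "liteuart: not present"; fi
    return "$present"
}
```

Call liteuart_exposure with no arguments to inspect the running system. Sysfs file modes are recreated at boot and when the driver is reloaded, so rerun the check after either.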

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crashes/panics
  • Memory allocation failures in kernel logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("liteuart" OR "use-after-free" OR "general protection fault")
