Login Sign Up

CVE-2021-47527

5.5 MEDIUM
Denial of Service

📋 TL;DR

A memory leak and resource management vulnerability in the Linux kernel's serial driver subsystem. When a serial port is closed, the transmit buffer isn't properly freed, causing memory leaks and potential indefinite waits for buffer draining operations. This affects any Linux system using serial ports, particularly embedded devices, servers with serial consoles, and systems with serial hardware.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing commit 761ed4a94582 up to patched versions
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using serial ports. Console ports are partially affected as shutdown() callback isn't called for them.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System memory exhaustion leading to denial of service, indefinite hangs during serial operations, or transmission of stale data when serial transmission restarts.

🟠

Likely Case

Gradual memory leak over multiple serial port open/close cycles, potentially causing system instability or performance degradation.

🟢

If Mitigated

Minimal impact with proper monitoring and memory management, though potential for occasional hangs during serial operations.

🌐 Internet-Facing: LOW - Serial ports are rarely exposed to internet-facing interfaces.
🏢 Internal Only: MEDIUM - Affects systems using serial consoles, embedded devices, or industrial control systems with serial interfaces.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires access to serial port operations. Exploitation would involve repeatedly opening/closing serial ports to cause memory exhaustion or triggering specific ioctl operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with fixes from the provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/00de977f9e0aa9760d9a79d1e41ff780f74e3424

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable unused serial ports

linux

Prevent exploitation by disabling serial ports not in use

echo "blacklist serial_core" > /etc/modprobe.d/disable-serial.conf
update-initramfs -u
reboot

Monitor serial port usage

linux

Detect abnormal serial port open/close patterns

watch -n 60 "ls -la /dev/ttyS*"
journalctl -f | grep -i serial

🧯 If You Can't Patch

  • Implement strict access controls to serial devices (chmod 600 /dev/ttyS*)
  • Monitor system memory usage and serial port activity for signs of exploitation

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if serial ports are in use: uname -r && ls -la /dev/ttyS*

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and monitor for memory leaks during serial port operations

📡 Detection & Monitoring

Log Indicators:

  • Repeated serial port open/close events
  • Increasing memory usage without clear cause
  • Kernel oom-killer events

Network Indicators:

  • Serial port traffic patterns (if monitored)

SIEM Query:

source="kernel" AND ("serial" OR "tty") AND ("open" OR "close" OR "memory")

📊 Metadata

CVE ID: CVE-2021-47527
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
Published: May 24, 2024
Last Updated: September 24, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47527, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)