CVE-2021-47533

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's VC4 display driver that could allow local attackers to cause kernel crashes or potentially execute arbitrary code. It affects systems using the VC4 driver for Broadcom VideoCore graphics, primarily Raspberry Pi devices and other embedded systems with this hardware. The vulnerability occurs when the kernel fails to clear a pointer after use, leading to potential memory corruption.

💻 Affected Systems

Products:
  • Linux kernel with VC4 display driver
Versions: Linux kernel versions that contain commit 9ec03d7f1ed3 and do not yet include the patches fixing CVE-2021-47533
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the VC4 display driver (primarily Raspberry Pi and similar Broadcom VideoCore hardware). Systems without this hardware or with the driver disabled are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to kernel mode, allowing complete system compromise and arbitrary code execution at the highest privilege level.

🟠 Likely Case: Kernel panic or system crash leading to denial of service, with potential for limited information disclosure from kernel memory.

🟢 If Mitigated: System remains stable with no impact if patched or if the vulnerable driver is not in use.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users or processes could exploit this to crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of kernel memory layout. No public exploits are known, but the vulnerability type (use-after-free) is commonly exploited.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 2931db9a5ed219546cf2ae0546698faf78281b89 or d134c5ff71c7f2320fc7997f2fbbdedf0c76889a

Vendor Advisory: https://git.kernel.org/stable/c/2931db9a5ed219546cf2ae0546698faf78281b89

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix.
2. For Raspberry Pi OS: 'sudo apt update && sudo apt upgrade'.
3. For other distributions: use your package manager to update the kernel packages.
4. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable VC4 driver (Linux)

Prevent loading of the vulnerable VC4 display driver module:

echo 'blacklist vc4' | sudo tee /etc/modprobe.d/blacklist-vc4.conf
sudo update-initramfs -u
sudo reboot

🧯 If You Can't Patch

  • Restrict local user access to systems using VC4 driver
  • Implement strict privilege separation and limit users who can access display-related operations

🔍 How to Verify

Check if Vulnerable:

Check if VC4 driver is loaded: 'lsmod | grep vc4'. If loaded, check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Run 'uname -r' and confirm that the reported kernel version is newer than the vulnerable versions, i.e. that it includes the fix. Then confirm the VC4 driver loads without issues.
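
The check above, extended into a script that also covers a built-in driver and the blacklist workaround. This is an added example, not part of the original advisory; the function name, its arguments and the four result strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify this host's exposure to the vc4 driver.
# vc4_exposure [MODULES_FILE] [BUILTIN_FILE] [MODPROBE_DIR]
# Prints one of: builtin | loaded | blacklisted | not-loaded
vc4_exposure() {
    modules=${1:-/proc/modules}
    builtin=${2:-/lib/modules/$(uname -r)/modules.builtin}
    confdir=${3:-/etc/modprobe.d}

    # A driver compiled into the kernel never shows up in lsmod and is not
    # affected by a modprobe blacklist, so check for it first.
    if grep -Eqs '/vc4\.ko$' "$builtin"; then
        echo builtin
        return 0
    fi

    # /proc/modules (the source of lsmod) has the module name in field 1.
    if awk '$1 == "vc4" { f = 1 } END { exit !f }' "$modules" 2>/dev/null; then
        echo loaded
        return 0
    fi

    # Not loaded: report whether the blacklist workaround is in place.
    if grep -Eqs '^[[:space:]]*blacklist[[:space:]]+vc4([[:space:]]|$)' "$confdir"/*.conf; then
        echo blacklisted
    else
        echo not-loaded
    fi
}

echo "kernel $(uname -r): vc4 is $(vc4_exposure)"
```

A result of builtin or loaded means the kernel version still has to be compared against the fixed versions. A blacklist entry only stops automatic loading, so an explicit 'modprobe vc4' by root still loads the module.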

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crashes/panics related to VC4 or display driver
  • dmesg errors mentioning use-after-free or memory corruption

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("vc4" OR "use-after-free" OR "kernel panic")
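
The query above fires on any line containing one of the three terms, including routine vc4 boot messages and unrelated panics. The following added example (not part of the original advisory) counts only crash reports in which vc4 appears inside the report itself; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: count kernel crash reports that implicate vc4, instead of
# alerting on every line with "vc4", "use-after-free" or "kernel panic".

# vc4_crash_reports FILE -> prints the number of crash reports mentioning vc4.
vc4_crash_reports() {
    awk '
        # Report headers: KASAN use-after-free (debug kernels only), oops, panic.
        !open && /BUG: KASAN: .*use-after-free|Unable to handle kernel|Internal error: Oops|Kernel panic - not syncing/ {
            open = 1; hit = 0
        }
        # A vc4 symbol or "[vc4]" module tag inside an open report implicates the driver.
        open && /vc4/ { hit = 1 }
        # Oops and panic reports end with "---[ end ...", KASAN reports with a "====" rule.
        open && (/---\[ end / || /==========/) { n += hit; open = 0 }
        # A report cut off by the crash itself still counts.
        END { if (open) n += hit; print n + 0 }
    ' "$1"
}

# Constructed sample log: not from a real system, function names are placeholders.
sample_log() {
    cat <<'EOF'
[   12.100000] vc4-drm gpu: constructed benign boot message
[  300.000000] ==================================================================
[  300.000010] BUG: KASAN: use-after-free in other_example_fn+0x10/0x40
[  300.000020]  other_example_fn+0x10/0x40
[  300.000030] ==================================================================
[  900.000000] Unable to handle kernel paging request at virtual address 0000000000000000
[  900.000010] Internal error: Oops: 0000000000000000 [#1] SMP
[  900.000020]  vc4_example_fn+0x2c/0x80 [vc4]
[  900.000030] ---[ end trace 0000000000000000 ]---
EOF
}

tmp=$(mktemp)
sample_log > "$tmp"
echo "crash reports implicating vc4: $(vc4_crash_reports "$tmp")"
rm -f "$tmp"
```

On the sample, the plain query would match the boot message and both crash reports, while the script reports one. Feed it saved output of 'dmesg' or 'journalctl -k' from hosts that run the VC4 driver.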
