CVE-2021-47540
📋 TL;DR
A NULL pointer dereference vulnerability in the mt7915 wireless driver in the Linux kernel allows local attackers to cause a kernel panic (denial of service) when creating an IBSS (ad-hoc) network interface. This affects systems using MediaTek MT7915-based wireless hardware with the vulnerable driver version. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel with mt76 wireless driver for MediaTek MT7915 chipsets
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot the system.
Likely Case
System crash when a user attempts to create an IBSS (ad-hoc) wireless network, requiring reboot to restore functionality.
If Mitigated
No impact if IBSS functionality is not used or if the system has been patched.
🎯 Exploit Status
Exploitation requires local access to create wireless interfaces. No privilege escalation or code execution demonstrated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 14b03b8cebdf18ff13c39d58501b625411314de2, 6e53d6d26920d5221d3f4d4f5ffdd629ea69aa5c, 932b338f4e5c4cb0c2ed640da3bced1e63620198
Vendor Advisory: https://git.kernel.org/stable/c/14b03b8cebdf18ff13c39d58501b625411314de2
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.
3. Reboot the system to load the patched kernel.
🔧 Temporary Workarounds
Disable IBSS mode
Prevent creation of IBSS (ad-hoc) wireless interfaces to avoid triggering the vulnerability
# Use network manager or iw to ensure no IBSS interfaces are created
# Consider removing wireless interface if not needed
Blacklist mt7915e module
Prevent loading of the vulnerable driver module (if wireless functionality is not required)
echo 'blacklist mt7915e' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u  # Debian/Ubuntu; other distributions use their own initramfs tool
reboot
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable hardware
- Monitor for kernel panic events and investigate any IBSS interface creation attempts
🔍 How to Verify
Check if Vulnerable:
Check if mt7915e module is loaded: lsmod | grep mt7915e. Check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits. Test creating IBSS interface to confirm no crash.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning mt7915_get_phy_mode
- IBSS interface creation attempts in wireless logs
- System crash/reboot events
Network Indicators:
- Unexpected system downtime affecting services
SIEM Query:
event_source="kernel" AND (message="NULL pointer dereference" OR message="mt7915" OR message="IBSS")
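An added example (not part of the original advisory): a Python check that reports a hit only when a NULL pointer dereference oops is followed by mt7915_get_phy_mode in its trace, which is narrower than matching "mt7915" or "IBSS" on their own. The sample log lines, the function name find_mt7915_ibss_oops and the 40-line window are constructed assumptions.

```python
import re

# Oops headers for a NULL dereference as printed on x86 and arm64 kernels.
NULL_DEREF = re.compile(
    r"BUG: kernel NULL pointer dereference"
    r"|Unable to handle kernel NULL pointer dereference")
# The faulting function named in this page's log indicators.
FAULT_FUNC = re.compile(r"\bmt7915_get_phy_mode\+0x")
# Any kernel message mentioning IBSS (ad-hoc) activity.
IBSS_EVENT = re.compile(r"\bIBSS\b")
WINDOW = 40  # assumption: how many lines around the oops header to correlate


def find_mt7915_ibss_oops(lines):
    """Return one finding per NULL-deref oops whose trace names mt7915_get_phy_mode."""
    findings = []
    last_ibss = None  # index of the most recent line mentioning IBSS
    for i, line in enumerate(lines):
        if IBSS_EVENT.search(line):
            last_ibss = i
        if not NULL_DEREF.search(line):
            continue
        trace = lines[i + 1:i + 1 + WINDOW]
        if any(FAULT_FUNC.search(t) for t in trace):
            findings.append({
                "oops_line": i,
                "ibss_seen_before": last_ibss is not None
                and i - last_ibss <= WINDOW,
            })
    return findings


# Constructed sample lines (not captured from a real system).
SAMPLE = """\
[  102.827039] wlan0: Creating new IBSS network, BSSID 02:00:00:00:00:01
[  103.064756] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[  103.073670] Mem abort info:
[  103.076520] pc : mt7915_get_phy_mode+0x68/0x120 [mt7915e]
[  250.000000] mt7915e 0000:01:00.0: Message 00000010 (seq 3) timeout
[  300.000000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  300.000100] RIP: 0010:some_other_driver_fn+0x12/0x40 [otherdrv]
""".splitlines()

if __name__ == "__main__":
    for finding in find_mt7915_ibss_oops(SAMPLE):
        print(finding)
```

The unrelated mt7915e timeout message and the oops in another driver are ignored; only the first oops in the sample is reported.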
🔗 References
- https://git.kernel.org/stable/c/14b03b8cebdf18ff13c39d58501b625411314de2
- https://git.kernel.org/stable/c/6e53d6d26920d5221d3f4d4f5ffdd629ea69aa5c
- https://git.kernel.org/stable/c/932b338f4e5c4cb0c2ed640da3bced1e63620198