CVE-2021-47541

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's mlx4_en network driver allows local attackers to potentially crash the system or execute arbitrary code. This affects systems using Mellanox ConnectX-3 network cards with the mlx4_en driver loaded. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Linux kernel with mlx4_en driver
Versions: Linux kernel versions before fixes in stable releases (specific commits listed in references)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when CONFIG_MLX4_EN=m is set and Mellanox ConnectX-3 network hardware is present

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation leading to kernel compromise and full system control

🟠 Likely Case: Kernel panic causing system crash and denial of service

🟢 If Mitigated: No impact if driver not loaded or system properly patched

🌐 Internet-Facing: LOW - Requires local access, not remotely exploitable
🏢 Internal Only: MEDIUM - Local attackers could crash systems or escalate privileges

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Found via static analysis; may be difficult to trigger in practice. Requires local access and a specific hardware/driver configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel stable releases containing commits referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/676dc7d9b15bf8733233a2db1ec3f9091ab34275

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version
2. Rebuild kernel if using custom build
3. Reboot system
4. Verify mlx4_en driver loads without errors

🔧 Temporary Workarounds

Disable mlx4_en module (Linux)

Prevent loading of the vulnerable driver if it is not needed:

echo 'blacklist mlx4_en' >> /etc/modprobe.d/blacklist.conf
rmmod mlx4_en

🧯 If You Can't Patch

  • Ensure strict access controls to prevent local user exploitation
  • Monitor system logs for kernel panics or driver errors

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the mlx4_en module is loaded: lsmod | grep mlx4_en

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and driver loads without errors in dmesg
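
The workaround and the "Check if Vulnerable" step above can be combined into one status check. The following is an added example, not part of the original advisory; the function names and the three status strings are assumptions made for illustration. It matches the module name exactly, because a plain grep for mlx4_en also matches the mlx4_core line, which lists mlx4_en in its "used by" column.

```shell
#!/bin/sh
# Added example (not from the advisory): report mlx4_en exposure state.
# File and directory paths are parameters so the logic can be run against
# constructed input; the defaults are the live system locations.

# Return 0 if module $1 is listed in the /proc/modules-format file $2.
# Only the first field is compared, so "mlx4_core ... mlx4_en," is not a hit.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# Return 0 if any *.conf file in directory $2 has an active
# "blacklist <module>" line (commented-out lines do not count).
module_blacklisted() {
    for f in "${2:-/etc/modprobe.d}"/*.conf; do
        [ -f "$f" ] || continue
        if awk -v m="$1" '$1 == "blacklist" && $2 == m { found = 1 }
                          END { exit !found }' "$f"; then
            return 0
        fi
    done
    return 1
}

# Print one of (status strings are this example's own):
#   loaded       driver is active; exposure depends on the kernel being patched
#   blacklisted  driver is not loaded and automatic loading is disabled
#   not-loaded   driver is not loaded but may still be autoloaded
mlx4_en_status() {
    if module_loaded mlx4_en "${1:-/proc/modules}"; then
        echo "loaded"
    elif module_blacklisted mlx4_en "${2:-/etc/modprobe.d}"; then
        echo "blacklisted"
    else
        echo "not-loaded"
    fi
}
```

Call `mlx4_en_status` with no arguments to check the running system. A `blacklist` entry only stops automatic loading by alias; an explicit `modprobe mlx4_en` by root still loads the driver.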

📡 Detection & Monitoring

Log Indicators:

  • Kernel panics
  • mlx4_en driver errors in dmesg
  • Use-after-free warnings in kernel logs

Network Indicators:

  • Network interface failures on Mellanox cards

SIEM Query:

search 'kernel: mlx4_en' OR 'kernel: BUG: use-after-free'

🔗 References
