CVE-2021-47553

7.8 HIGH

📋 TL;DR

A Linux kernel vulnerability where CPU hotplug operations leave stale shadow call stack (SCS) and KASAN shadow memory in idle tasks, causing memory leaks and potential false KASAN warnings. This affects systems using KASAN or SCS with CPU hotplug capabilities. Exploitation requires local access to trigger CPU offlining/onlining.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Versions with commits between f1a0a376ca0c4ef1 and 63acd42c0d4942f7 (specific kernel versions vary by distribution).
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when KASAN and/or SCS are enabled with CPU hotplug support. Most default configurations don't enable these features.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Memory corruption leading to kernel crashes, denial of service, or false security warnings that mask real threats.

🟠 Likely Case: Gradual memory exhaustion from SCS leaks and false positive KASAN alerts during CPU hotplug cycles.

🟢 If Mitigated: Minor performance impact from memory leaks if hotplug is infrequent.

🌐 Internet-Facing: LOW - Requires local access to trigger CPU hotplug.
🏢 Internal Only: MEDIUM - Local users or automated processes could trigger hotplug causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger CPU hotplug operations, typically needing elevated privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits 229c555260cb9c1ccdab861e16f0410f1718f302 and later

Vendor Advisory: https://git.kernel.org/stable/c/229c555260cb9c1ccdab861e16f0410f1718f302

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. For custom kernels: apply commits 229c555260cb9c1ccdab861e16f0410f1718f302 and dce1ca0525bfdc8a69a9343bc714fbc19a2f04b3.
3. Reboot system.

🔧 Temporary Workarounds

Disable CPU Hotplug

Prevent CPU offlining/onlining to avoid triggering the vulnerability. The first command takes every secondary CPU out of service (cpu0 normally cannot be offlined and has no online file on many builds), and sysfs does not support the immutable attribute, so the chattr command fails with "Operation not supported" and does not stop a root user from bringing CPUs back online; restricting write access to the online files to root is the enforceable control.

echo 0 | sudo tee /sys/devices/system/cpu/cpu*/online 2>/dev/null || true
sudo chattr +i /sys/devices/system/cpu/cpu*/online

Disable KASAN/SCS Features

Disable kernel address sanitizer and shadow call stack if not required:

Rebuild kernel without CONFIG_KASAN and CONFIG_SHADOW_CALL_STACK

🧯 If You Can't Patch

  • Restrict CPU hotplug permissions to root only
  • Monitor system logs for KASAN warnings and CPU hotplug events

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether KASAN/SCS are enabled (a line of the form "# CONFIG_KASAN is not set" means the option is disabled, even though it matches the grep):

uname -r && grep -E 'CONFIG_KASAN|CONFIG_SHADOW_CALL_STACK' /boot/config-$(uname -r)

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel includes the fix commits, then exercise one CPU hotplug cycle (as root, on a machine where cpu1 exists) and confirm that no KASAN report follows in the kernel log:

echo 0 > /sys/devices/system/cpu/cpu1/online && echo 1 > /sys/devices/system/cpu/cpu1/online
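As an added example that is not part of this advisory, the following POSIX sh helper turns the config check above into a pass/fail decision: it treats an option as enabled only when the config contains `CONFIG_FOO=y`, and reports a build as exposed only when CPU hotplug support (CONFIG_HOTPLUG_CPU) is present together with KASAN and/or shadow call stack, matching the affected-systems note. The two `demo_*_config` functions and their contents are constructed samples, not real kernel configs.

```shell
#!/bin/sh
# Added example, not from the advisory: report whether a kernel build has the
# combination of options that makes CVE-2021-47553 reachable, namely KASAN or
# shadow call stack together with CPU hotplug support.
# A config line "CONFIG_FOO=y" means enabled; "# CONFIG_FOO is not set" means
# disabled, so a plain grep for the symbol name is not enough.

# kcfg_enabled FILE SYMBOL: succeed only if SYMBOL=y appears in FILE.
kcfg_enabled() {
    grep -qE "^${2}=y\$" "$1"
}

# scs_kasan_exposure FILE: print a one-line summary and return 0 when the
# build is exposed (hotplug plus KASAN and/or SCS), 1 when it is not,
# 2 when FILE cannot be read.
scs_kasan_exposure() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    kasan=no; scs=no; hotplug=no
    kcfg_enabled "$cfg" CONFIG_KASAN && kasan=yes
    kcfg_enabled "$cfg" CONFIG_SHADOW_CALL_STACK && scs=yes
    kcfg_enabled "$cfg" CONFIG_HOTPLUG_CPU && hotplug=yes
    echo "KASAN=$kasan SCS=$scs HOTPLUG_CPU=$hotplug"
    if [ "$hotplug" = yes ] && { [ "$kasan" = yes ] || [ "$scs" = yes ]; }; then
        echo "exposed: yes"
        return 0
    fi
    echo "exposed: no"
    return 1
}

# Constructed sample configs (not taken from any real kernel) so the checker
# can be exercised without root or a /boot directory.
demo_exposed_config() {
    f=$(mktemp)
    printf '%s\n' 'CONFIG_HOTPLUG_CPU=y' 'CONFIG_KASAN=y' \
        '# CONFIG_SHADOW_CALL_STACK is not set' > "$f"
    echo "$f"
}

demo_safe_config() {
    f=$(mktemp)
    printf '%s\n' 'CONFIG_HOTPLUG_CPU=y' '# CONFIG_KASAN is not set' \
        '# CONFIG_SHADOW_CALL_STACK is not set' > "$f"
    echo "$f"
}

# Real use: scs_kasan_exposure "/boot/config-$(uname -r)"
```

The exit status makes the check usable from configuration-management or fleet-inventory scripts; an "exposed: yes" result on a kernel older than the fix commits is what should drive the patch priority, while a KASAN or SCS build without CONFIG_HOTPLUG_CPU cannot reach the affected code path.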

📡 Detection & Monitoring

Log Indicators:

  • KASAN: stack-out-of-bounds warnings
  • CPU hotplug events in kernel logs
  • Memory allocation failures

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("KASAN" OR "CPU.*hotplug" OR "shadow call stack")
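As an added example that is not part of this advisory, the following POSIX sh script applies the log indicators above to a kernel log (dmesg or journalctl -k output): it counts KASAN reports and CPU hotplug transitions and, more usefully, pairs each KASAN report with the most recent hotplug event before it, which is the sequence this bug produces on a KASAN or SCS build. The hotplug and KASAN patterns follow the kernel's usual message wording; the `demo_log` excerpt is constructed for the demonstration and was not captured from a real system.

```shell
#!/bin/sh
# Added example, not from the advisory: triage a kernel log for the two
# indicators listed above, KASAN reports and CPU hotplug transitions, and
# surface KASAN reports that follow a hotplug event.

# Hotplug wording as printed by x86 (smpboot) and arm64 secondary-CPU code.
HOTPLUG_RE='CPU ?[0-9]+ is now offline|Booting Node [0-9]+ Processor|CPU[0-9]+: (shutdown|Booted secondary processor)'
KASAN_RE='BUG: KASAN:'

# count_kasan_reports FILE: number of KASAN bug headers in FILE.
count_kasan_reports() {
    grep -c "$KASAN_RE" "$1" || true
}

# count_hotplug_events FILE: number of CPU offline/online lines in FILE.
count_hotplug_events() {
    grep -cE "$HOTPLUG_RE" "$1" || true
}

# kasan_after_hotplug FILE: print each KASAN report together with the most
# recent hotplug line before it; return 0 if at least one pairing exists,
# otherwise 1.
kasan_after_hotplug() {
    awk -v hp="$HOTPLUG_RE" -v ks="$KASAN_RE" '
        $0 ~ hp { last = $0; next }
        $0 ~ ks && last != "" { print "after: " last; print "kasan: " $0; hits++ }
        END { exit hits ? 0 : 1 }
    ' "$1"
}

# Constructed log excerpt (not captured from a real system); the message
# shapes follow the kernel's usual wording.
demo_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[  118.900] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[  120.001] smpboot: CPU 1 is now offline
[  121.002] smpboot: Booting Node 0 Processor 1 APIC 0x1
[  121.050] ==================================================================
[  121.051] BUG: KASAN: stack-out-of-bounds in __schedule+0x1234/0x2000
[  121.052] Write of size 8 at addr ffff800012345678 by task swapper/1/0
EOF
    echo "$f"
}

# Real use: kasan_after_hotplug /var/log/kern.log
```

The pairing step is what separates this bug's signature from unrelated KASAN findings: a report that appears right after a CPU was brought back online, in the idle task (`swapper/N`) of that CPU, is consistent with stale SCS/KASAN stack state, whereas a KASAN report with no preceding hotplug event points elsewhere and should not be dismissed as this issue.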
