CVE-2021-47564 – This CVE describes a double-free vulnerability ... (How to Fix)

Q: What is the severity of CVE-2021-47564?

CVE-2021-47564 has a CVSS score of 7.8 (HIGH). This CVE describes a double-free vulnerability in the Marvell Prestera network driver in the Linux kernel. When exploited, it causes a kernel crash (kernel panic) leading to denial of service. Systems using affected Linux kernel versions with Prestera driver enabled are vulnerable.

📋 TL;DR

This CVE describes a double-free vulnerability in the Marvell Prestera network driver in the Linux kernel. When exploited, it causes a kernel crash (kernel panic) leading to denial of service. Systems using affected Linux kernel versions with Prestera driver enabled are vulnerable.

💻 Affected Systems

Products:

Linux kernel with Marvell Prestera driver

Versions: Linux kernel versions containing the vulnerable code (specific versions not provided in CVE, but fix commits target 5.15.x)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if Prestera network driver is loaded and bridge port join operations are performed. Requires specific Marvell Prestera hardware.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash requiring reboot, potentially causing extended network downtime and service disruption.

🟠

Likely Case

Kernel panic leading to system reboot and temporary service interruption on affected network devices.

🟢

If Mitigated

No impact if patched or Prestera driver not in use.

🌐 Internet-Facing: MEDIUM - Requires specific network configuration and driver usage, but could affect internet-facing network devices.

🏢 Internal Only: MEDIUM - Could affect internal network infrastructure devices using Prestera hardware.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to trigger bridge port join operations on affected network interfaces. Likely requires local or network access to configure bridge interfaces.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 03e5203d2161a00afe4d97d206d2293e40b2f253, 5dca8eff4627315df98feec09fff9dfe3356325e, e8d032507cb7912baf1d3e0af54516f823befefd applied

Vendor Advisory: https://git.kernel.org/stable/c/03e5203d2161a00afe4d97d206d2293e40b2f253

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load patched kernel. 3. Verify Prestera driver is using patched code.

🔧 Temporary Workarounds

Disable Prestera driver

linux

Unload or blacklist the prestera driver if not required

rmmod prestera
rmmod prestera_pci
echo 'blacklist prestera' >> /etc/modprobe.d/blacklist.conf

Restrict bridge configuration

linux

Limit bridge port join operations to trusted users

chmod 750 /usr/sbin/brctl
setcap cap_net_admin=ep /usr/sbin/brctl

🧯 If You Can't Patch

Disable Prestera driver module if not required
Implement strict access controls for network bridge configuration

🔍 How to Verify

Check if Vulnerable:

Check if Prestera driver is loaded: lsmod | grep prestera. Check kernel version and if fix commits are present.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Test bridge port join operations on Prestera interfaces.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages mentioning prestera_bridge_destroy or prestera_bridge_port_join
System crash/reboot logs after bridge configuration

Network Indicators:

Sudden loss of connectivity on Prestera interfaces
Bridge interface failures

SIEM Query:

event_source:kernel AND (message:"prestera_bridge" OR message:"Internal error: Oops: 96000044")

📊 Metadata

CVE ID: CVE-2021-47564

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-415

Published: May 24, 2024

Last Updated: January 6, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47564, you might also want to check these: