Login Sign Up

CVE-2021-47620

5.5 MEDIUM

📋 TL;DR

This CVE addresses an out-of-bounds read vulnerability in the Linux kernel's Bluetooth stack. The flaw could allow attackers to read kernel memory beyond allocated buffers when processing malicious advertising data. Systems running vulnerable Linux kernel versions with Bluetooth enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable kernel versions referenced in the git commits (need to check exact ranges from commit history)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when Bluetooth functionality is enabled and processing advertising data.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure of kernel memory contents, potentially exposing sensitive data or system information to attackers.

🟠

Likely Case

Kernel crash or denial of service due to invalid memory access, causing system instability.

🟢

If Mitigated

Minimal impact if Bluetooth is disabled or the system is not processing malicious advertising packets.

🌐 Internet-Facing: LOW - Requires proximity-based Bluetooth access, not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Attackers within Bluetooth range could potentially exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending malicious Bluetooth advertising packets within range of vulnerable system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the referenced git commits

Vendor Advisory: https://git.kernel.org/stable/c/305e92f525450f3e1b5f5c9dc7eadb152d66a082

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable Bluetooth

linux

Turn off Bluetooth functionality to prevent processing of malicious advertising data

sudo systemctl stop bluetooth
sudo systemctl disable bluetooth

🧯 If You Can't Patch

  • Disable Bluetooth functionality entirely
  • Implement network segmentation to limit Bluetooth device access

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions in git commits

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond vulnerable versions

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Bluetooth stack error messages
  • System crash dumps

Network Indicators:

  • Unusual Bluetooth advertising packets
  • Multiple connection attempts from unknown devices

SIEM Query:

Search for kernel panic events or Bluetooth service crashes

📊 Metadata

CVE ID: CVE-2021-47620
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE: CWE-125
Published: June 20, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47620, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)