CVE-2021-47622
📋 TL;DR
A deadlock vulnerability in the Linux kernel's UFS (Universal Flash Storage) driver can cause system lockups when handling SCSI errors. This affects Linux systems using UFS storage devices, potentially leading to denial of service. The vulnerability occurs during error recovery when all I/O tags are allocated.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Complete system lockup requiring hard reboot, causing extended downtime and potential data corruption.
Likely Case
System becomes unresponsive during storage error conditions, requiring manual intervention to restore functionality.
If Mitigated
Minor performance impact during error recovery with proper patching.
🎯 Exploit Status
Exploitation requires ability to trigger specific SCSI error conditions and exhaust all I/O tags, making reliable exploitation difficult.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 493c9e850677df8b4eda150c2364b1c1a72ed724, 945c3cca05d78351bba29fa65d93834cb7934c7b, d69d98d8edf90e25e4e09930dd36dd6d09dd6768
Vendor Advisory: https://git.kernel.org/stable/c/493c9e850677df8b4eda150c2364b1c1a72ed724
Restart Required: Yes
Instructions:
1. Update the Linux kernel to the patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify that the running kernel version matches the patched release.
🔧 Temporary Workarounds
Disable UFS driver if not needed
Remove or blacklist the UFS driver module if the system doesn't use UFS storage. This only works when ufshcd is a loadable module; a driver built into the kernel (CONFIG_SCSI_UFSHCD=y) cannot be blacklisted, and a system that boots from UFS storage cannot run without it.
echo 'blacklist ufshcd' >> /etc/modprobe.d/blacklist-ufs.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Monitor system logs for UFS/SCSI error messages and investigate storage hardware issues promptly
- Implement redundancy for critical systems using UFS storage to minimize impact of potential lockups
🔍 How to Verify
Check if Vulnerable:
Check whether the UFS driver is loaded: lsmod | grep ufshcd. If it is loaded and the kernel version is unpatched, the system is vulnerable. Note that lsmod lists only loadable modules; a kernel with the driver built in (CONFIG_SCSI_UFSHCD=y in the kernel config) is affected as well even though ufshcd does not appear in the output.
Check Version:
uname -r
Verify Fix Applied:
Check that the running kernel includes the patched commits listed above or is newer than the affected versions. Confirm that UFS operations complete without a deadlock under error conditions.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- SCSI/UFS error messages in dmesg
- System becoming unresponsive during storage operations
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("UFS" OR "ufshcd" OR "SCSI error") AND ("deadlock" OR "lockup" OR "panic")
🔗 References
- https://git.kernel.org/stable/c/493c9e850677df8b4eda150c2364b1c1a72ed724
- https://git.kernel.org/stable/c/945c3cca05d78351bba29fa65d93834cb7934c7b
- https://git.kernel.org/stable/c/d69d98d8edf90e25e4e09930dd36dd6d09dd6768