CVE-2021-47668 – This is a use-after-free vulnerability in the L... (How to Fix)

Q: What is the severity of CVE-2021-47668?

CVE-2021-47668 has a CVSS score of 7.8 (HIGH). This is a use-after-free vulnerability in the Linux kernel's CAN (Controller Area Network) subsystem. When exploited, it allows local attackers to cause memory corruption, potentially leading to system crashes or privilege escalation. It affects Linux systems with CAN networking enabled.

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's CAN (Controller Area Network) subsystem. When exploited, it allows local attackers to cause memory corruption, potentially leading to system crashes or privilege escalation. It affects Linux systems with CAN networking enabled.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not explicitly stated in CVE, but patches exist for multiple stable branches (see references).

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if CAN networking subsystem is enabled and in use. Many systems don't use CAN by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context.

🟠

Likely Case

System instability, kernel crashes, or denial of service affecting CAN network functionality.

🟢

If Mitigated

Limited impact if CAN subsystem is disabled or not in use, with potential for crashes but no privilege escalation.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system.

🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, but requires CAN subsystem usage.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of CAN subsystem. Memory corruption vulnerabilities can be challenging to exploit reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes (see git.kernel.org references in CVE)

Vendor Advisory: https://git.kernel.org/stable/c/03f16c5075b22c8902d2af739969e878b0879c94

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable CAN subsystem

linux

If CAN networking is not required, disable the kernel module to eliminate attack surface.

sudo modprobe -r can
sudo modprobe -r can_raw
sudo modprobe -r can_dev
echo 'blacklist can' | sudo tee /etc/modprobe.d/blacklist-can.conf

🧯 If You Can't Patch

Disable CAN subsystem modules if not needed
Restrict local user access to systems with CAN enabled

🔍 How to Verify

Check if Vulnerable:

Check if CAN modules are loaded: lsmod | grep -i can. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to patched version and CAN modules are either disabled or system is stable with CAN enabled.

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages
System crashes/panics
CAN subsystem errors in dmesg

Network Indicators:

Unusual CAN network traffic patterns

SIEM Query:

source="kernel" AND ("Oops" OR "panic" OR "BUG") AND ("can" OR "CAN")

📊 Metadata

CVE ID: CVE-2021-47668

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.06% exploit probability (19.9th percentile)

Published: April 17, 2025

Last Updated: April 21, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47668, you might also want to check these: