CVE-2021-47670
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's CAN bus subsystem for PEAK USB devices. It allows attackers with local access to potentially crash the kernel or execute arbitrary code. Systems using PEAK USB CAN interfaces with vulnerable kernel versions are affected.
💻 Affected Systems
- Linux kernel with peak_usb driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
Limited impact if proper access controls prevent local attackers from accessing CAN interfaces.
🎯 Exploit Status
Requires local access and ability to interact with CAN interfaces. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions with the fix commits applied
Vendor Advisory: https://git.kernel.org/stable/c/50aca891d7a554db0901b245167cd653d73aaa71
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system. 3. Verify peak_usb driver is updated.
🔧 Temporary Workarounds
Disable peak_usb module
linuxPrevent loading of the vulnerable driver if not needed
echo 'blacklist peak_usb' >> /etc/modprobe.d/blacklist-peak_usb.conf
rmmod peak_usb
Restrict CAN interface access
linuxLimit which users can access CAN devices
chmod 600 /dev/pcan*
setfacl -m u:root:rw /dev/pcan*
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from accessing CAN interfaces
- Monitor system logs for kernel crashes or suspicious CAN interface activity
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if peak_usb module is loaded: uname -r && lsmod | grep peak_usbCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check dmesg for no use-after-free errors related to peak_usb📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Use-after-free warnings in dmesg
- CAN subsystem crashes
Network Indicators:
- Unusual CAN bus traffic patterns
SIEM Query:
source="kernel" AND ("use-after-free" OR "peak_usb" OR "CAN")