CVE-2021-47653
Published: 26 February 2025
Summary
CVE-2021-47653 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Its exploit-likelihood ranking is at the 4.2 percentile, well below the median, and it is not currently listed in the CISA KEV catalog.
Beyond applying the kernel fix, the strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-7 (Least Functionality).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Kernel patching: directly remediates the use-after-free by applying the kernel fix, which adds the missing deregistration calls to the VPIF driver's remove callback and makes probe fail on registration errors.
- CM-10 (Software Usage Restrictions): prevents the vulnerable DaVinci VPIF kernel module from being loaded, through module blacklisting and module-signing enforcement.
- CM-7 (Least Functionality): removes the driver from the attack surface by building or configuring the kernel without non-essential drivers such as VPIF when the hardware is not present.
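The two configuration controls above come down to one question on a given host: can the VPIF modules be loaded at all, and are any loaded right now? The script below is an added example written for this page, not tooling from the advisory or from any distribution. It assumes the module names vpif, vpif_capture and vpif_display (the in-tree DaVinci VPIF modules) and runs against constructed modprobe.d and /proc/modules samples so that it works offline; point the same functions at /etc/modprobe.d/*.conf and /proc/modules to audit a real system.

```shell
#!/bin/sh
# Added example for this page, not distribution tooling: audit whether the
# DaVinci VPIF modules are blocked from loading and whether any is loaded.
# Assumption: the module names are vpif, vpif_capture and vpif_display.
set -eu

VPIF_MODULES="vpif vpif_capture vpif_display"

# vpif_blocked CONF: succeeds only if every VPIF module has an
# "install <mod> /bin/false" (or /bin/true) override in the modprobe.d-style
# file CONF. A bare "blacklist" line only stops alias autoloading and is not
# enough on its own, so it is deliberately not accepted here.
vpif_blocked() {
    for m in $VPIF_MODULES; do
        grep -Eq "^[[:space:]]*install[[:space:]]+$m[[:space:]]+/bin/(false|true)[[:space:]]*$" "$1" \
            || return 1
    done
}

# vpif_loaded MODULES: succeeds if any VPIF module appears in a /proc/modules-style
# listing (first field is the module name).
vpif_loaded() {
    grep -Eq '^vpif(_capture|_display)?[[:space:]]' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed weak config: blacklist only, so "modprobe vpif" by root still works.
cat > "$tmp/weak.conf" <<'EOF'
blacklist vpif
EOF

# Constructed hardened config: blacklist plus install override for all three modules.
cat > "$tmp/hardened.conf" <<'EOF'
blacklist vpif
install vpif /bin/false
blacklist vpif_capture
install vpif_capture /bin/false
blacklist vpif_display
install vpif_display /bin/false
EOF

# Constructed /proc/modules excerpt from a system with the driver loaded.
cat > "$tmp/modules.txt" <<'EOF'
vpif_capture 28672 0 - Live 0x0000000000000000
vpif 16384 1 vpif_capture, Live 0x0000000000000000
EOF

for conf in weak hardened; do
    if vpif_blocked "$tmp/$conf.conf"; then
        echo "$conf.conf: VPIF modules blocked"
    else
        echo "$conf.conf: VPIF modules NOT fully blocked"
    fi
done
if vpif_loaded "$tmp/modules.txt"; then
    echo "modules.txt: a VPIF module is currently loaded"
fi
```

The `install ... /bin/false` override is what makes `modprobe vpif` fail; a `blacklist` line alone only suppresses alias-based autoloading. Neither directive helps when the driver is built into the kernel (the VIDEO_DAVINCI_VPIF_* Kconfig options set to y) and neither stops `insmod` by root; at that point only CM-7 (a kernel built without the driver) or the patch itself applies. The module-signing part of the CM-10 text is checked on a live system through /sys/module/module/parameters/sig_enforce, which this offline sample does not read.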
NVD Description
In the Linux kernel, the following vulnerability has been resolved: media: davinci: vpif: fix use-after-free on driver unbind The driver allocates and registers two platform device structures during probe, but the devices were never deregistered on driver unbind. This results in a use-after-free on driver unbind as the device structures were allocated using devres and would be freed by driver core when remove() returns. Fix this by adding the missing deregistration calls to the remove() callback and failing probe on registration errors. Note that the platform device structures must be freed using a proper release callback to avoid leaking associated resources like device names.
Deeper analysis
CVE-2021-47653 is a use-after-free vulnerability in the Linux kernel's media subsystem, specifically the TI DaVinci VPIF (Video Port Interface) driver. During probe, the driver allocates two platform device structures with devres and registers them on the platform bus, but its remove callback never deregisters them. When remove returns, the driver core releases the devres allocations and frees both structures while they are still registered, so the bus keeps pointers to freed memory: a use-after-free. The issue is classified under CWE-416 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Per the CVSS vector, a local attacker with low privileges could exploit this by triggering a driver unbind, for example by writing to the driver's sysfs unbind file or unloading the module, and the rated impact is high for confidentiality, integrity and availability: memory corruption in kernel context that can lead to a system crash, data corruption or, in the worst case, arbitrary code execution. In practice both triggers require root (the sysfs unbind file is writable only by root and module unloading needs CAP_SYS_MODULE), and VPIF is a non-hotpluggable SoC peripheral, so the realistic trigger is an administrative or automated unbind on DaVinci hardware rather than an action available to an unprivileged user.
The fix, carried in the referenced stable kernel commits, adds the missing platform device deregistration calls to the driver's remove callback, makes probe fail on registration errors, and frees the platform device structures through a proper release callback so that associated resources such as device names are not leaked. Security practitioners should apply the stable kernel update containing this fix to affected systems.
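To make the lifetime ordering concrete, here is an added example written for this page, not kernel source and not the VPIF driver: a user-space C model in which devm_kzalloc, platform_device_register and platform_device_unregister are simplified stand-ins. It runs the driver-core unbind sequence (remove(), then devres release) against a model of the buggy driver and of the fixed one, and counts how many child devices the bus still holds afterwards; every such entry points at memory devres has just freed.

```c
/* Added example, not kernel or VPIF driver code: a user-space model of the devres
 * lifetime bug behind CVE-2021-47653. devm_kzalloc, platform_device_register and
 * platform_device_unregister are simplified stand-ins written for this page. */
#include <stdlib.h>

#define MAX_ENTRIES 8

/* Child platform device; release() frees it when the bus drops the last ref. */
struct device { void (*release)(struct device *); };
/* Parent "vpif" device: devm_ allocations are recorded here and freed by the
 * driver core as soon as the driver's remove() has returned. */
struct parent_dev { void *devres[MAX_ENTRIES]; int ndevres; };
struct vpif_state { struct device *cap, *disp; };

/* Model of the platform bus: the currently registered child devices. */
static struct device *bus[MAX_ENTRIES];
static int bus_len;

static void *devm_kzalloc(struct parent_dev *p, size_t n)
{
    void *m = calloc(1, n);
    if (m && p->ndevres < MAX_ENTRIES)
        p->devres[p->ndevres++] = m;
    return m;
}

static int platform_device_register(struct device *d)
{
    if (bus_len >= MAX_ENTRIES)
        return -1;
    bus[bus_len++] = d;
    return 0;
}

static void platform_device_unregister(struct device *d)
{
    for (int i = 0; i < bus_len; i++)
        if (bus[i] == d) { bus[i] = bus[--bus_len]; break; }
    if (d->release)
        d->release(d);   /* last reference dropped */
}

/* Driver core, after remove(): free everything allocated with devm_. */
static void devres_release_all(struct parent_dev *p)
{
    while (p->ndevres > 0)
        free(p->devres[--p->ndevres]);
}

/* Before the fix: children live in devres, registration errors are ignored,
 * and the driver's remove() is empty, so they are never unregistered. */
static int vulnerable_probe(struct parent_dev *p, struct vpif_state *s)
{
    s->cap  = devm_kzalloc(p, sizeof *s->cap);
    s->disp = devm_kzalloc(p, sizeof *s->disp);
    if (!s->cap || !s->disp)
        return -1;
    platform_device_register(s->cap);
    platform_device_register(s->disp);
    return 0;
}

/* After the fix: plain allocation with a release callback, probe fails on
 * registration errors, and remove() unregisters both children. */
static void vpif_pdev_release(struct device *d) { free(d); }

static int fixed_probe(struct vpif_state *s)
{
    s->cap  = calloc(1, sizeof *s->cap);   /* owned by the bus ref, not devres */
    s->disp = calloc(1, sizeof *s->disp);
    if (!s->cap || !s->disp)
        goto err_free;
    s->cap->release = s->disp->release = vpif_pdev_release;
    if (platform_device_register(s->cap))
        goto err_free;
    if (platform_device_register(s->disp)) {
        platform_device_unregister(s->cap);   /* also releases cap */
        goto err_free_disp;
    }
    return 0;
err_free:
    free(s->cap);
err_free_disp:
    free(s->disp);
    return -1;
}

static void fixed_remove(struct vpif_state *s)
{
    platform_device_unregister(s->disp);
    platform_device_unregister(s->cap);
}

/* Driver-core unbind of the parent: remove(), then devres release. Returns how
 * many children are still registered afterwards; for the vulnerable driver those
 * bus entries now point at memory devres just freed: the use-after-free. */
int dangling_after_unbind(int use_fixed_driver)
{
    struct parent_dev p = {0};
    struct vpif_state s = {0};
    if (use_fixed_driver ? fixed_probe(&s) : vulnerable_probe(&p, &s))
        return -1;
    if (use_fixed_driver)
        fixed_remove(&s);   /* the vulnerable driver's remove() does nothing */
    devres_release_all(&p);
    int dangling = bus_len;
    bus_len = 0;   /* drop the stale pointers so the model can be rerun */
    return dangling;
}
```

`dangling_after_unbind(0)` returns 2 for the vulnerable driver and `dangling_after_unbind(1)` returns 0 for the fixed one. The model also shows why the fix takes the children out of devres altogether rather than only adding the unregister calls: a platform device's lifetime ends when the bus drops its last reference and invokes the release callback, so an allocation tied to the parent's devres can be freed while the bus still references it. Build with `cc -std=c99 -Wall -c` or add a `main` that prints the two values.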
Details
- CWE(s)