
CVE-2021-47334: Vulnerability in Linux Linux

High
Published: Tue May 21 2024 (05/21/2024, 14:35:44 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

misc/libmasm/module: Fix two use after free in ibmasm_init_one

In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are allocated by input_allocate_device(), and assigned to sp->remote.mouse_dev and sp->remote.keybd_dev respectively.

In the err_free_devices error branch of ibmasm_init_one, mouse_dev and keybd_dev are freed by input_free_device(), and return error. Then the execution runs into error_send_message error branch of ibmasm_init_one, where ibmasm_free_remote_input_dev(sp) is called to unregister the freed sp->remote.mouse_dev and sp->remote.keybd_dev.

My patch adds an "error_init_remote" label to handle the error of ibmasm_init_remote_input_dev(), to avoid the uaf bugs.

AI-Powered Analysis

Last updated: 06/26/2025, 10:50:24 UTC

Technical Analysis

CVE-2021-47334 is a use-after-free vulnerability identified in the Linux kernel's misc/libmasm module, specifically within the ibmasm_init_one function. The vulnerability arises during the initialization of remote input devices (mouse_dev and keybd_dev) via the ibmasm_init_remote_input_dev function, which allocates these devices using input_allocate_device() and assigns them to sp->remote.mouse_dev and sp->remote.keybd_dev. If an error occurs during initialization, the error handling code frees these devices using input_free_device(), but execution then continues into an error branch that attempts to unregister them via ibmasm_free_remote_input_dev(sp). This results in a use-after-free condition because the devices have already been freed, leading to potential memory corruption. The patch adds an "error_init_remote" label to properly handle errors in ibmasm_init_remote_input_dev and prevent the double free and use-after-free bugs. This vulnerability affects versions of the Linux kernel identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and was published on May 21, 2024. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
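The error-path ordering described above can be checked with a small userspace model. This is an added example, not the kernel source or the upstream patch: the stubs track device state instead of touching memory, and `dev_state`, `model_unregister` and the `later_step_fails` parameter are hypothetical names introduced for illustration.

```c
#include <stdbool.h>

enum dev_state { DEV_NONE, DEV_LIVE, DEV_FREED };
struct service_processor { struct { enum dev_state mouse_dev, keybd_dev; } remote; };
static int uaf_hits; /* unregister calls that reached an already-freed device */

/* Stand-in for unregistering an input device: records misuse, never crashes. */
static void model_unregister(enum dev_state *dev)
{
    if (*dev == DEV_FREED)
        uaf_hits++;
    *dev = DEV_FREED;
}

/* Models ibmasm_init_remote_input_dev(): on failure it frees both devices
 * itself but leaves the stale references behind in sp->remote. */
static int init_remote_input_dev(struct service_processor *sp, bool fail)
{
    sp->remote.mouse_dev = sp->remote.keybd_dev = fail ? DEV_FREED : DEV_LIVE;
    return fail ? -1 : 0;
}

/* Models ibmasm_free_remote_input_dev(): unregisters both devices. */
static void free_remote_input_dev(struct service_processor *sp)
{
    model_unregister(&sp->remote.mouse_dev);
    model_unregister(&sp->remote.keybd_dev);
}

/* Models the error paths of ibmasm_init_one(); returns the UAF hit count. */
int init_one(bool patched, bool remote_fails, bool later_step_fails)
{
    struct service_processor sp = { { DEV_NONE, DEV_NONE } };
    uaf_hits = 0;
    if (init_remote_input_dev(&sp, remote_fails)) {
        if (patched)
            goto error_init_remote;  /* fix: skip the unregister step */
        goto error_send_message;     /* before the fix: shared error label */
    }
    if (later_step_fails)            /* assumed later step, devices still live */
        goto error_send_message;
    return uaf_hits;                 /* success: devices stay registered */
error_send_message:
    free_remote_input_dev(&sp);      /* correct only while the devices are live */
error_init_remote:
    return uaf_hits;                 /* remaining teardown omitted */
}

int main(void) { return init_one(true, true, false); } /* exit 0: fixed path is clean */
```

The separate label matters because `error_send_message` is still the right target when a step after remote-input setup fails: at that point the devices are live and must be unregistered.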

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running vulnerable Linux kernel versions that include the affected misc/libmasm module. Exploitation of this use-after-free bug could lead to kernel memory corruption, potentially allowing an attacker with local access to escalate privileges or cause denial of service through system crashes. Given the Linux kernel's widespread use in servers, embedded devices, and critical infrastructure, exploitation could disrupt business operations, compromise system integrity, or facilitate further attacks. Although remote exploitation is unlikely without local access, environments with multi-tenant systems, shared hosting, or where untrusted users have shell access are particularly at risk. The absence of known exploits suggests limited immediate threat, but the vulnerability's nature warrants prompt mitigation to prevent future exploitation. The impact on confidentiality, integrity, and availability could be significant if exploited, especially in critical infrastructure sectors prevalent in Europe such as telecommunications, finance, and manufacturing.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to a version that includes the patch fixing CVE-2021-47334. Specifically, they should verify kernel versions against the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and apply vendor-provided security updates promptly. For environments where immediate patching is not feasible, organizations should restrict local access to trusted users only and implement strict access controls to limit potential exploitation vectors. Additionally, monitoring system logs for unusual kernel errors or crashes related to input device initialization can help detect attempted exploitation. Employing kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and enabling security modules like SELinux or AppArmor can further reduce exploitation risk. Regular vulnerability scanning and penetration testing focused on kernel vulnerabilities should be incorporated into security programs to identify and remediate similar issues proactively.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T14:28:16.977Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9835c4522896dcbea4a9

Added to database: 5/21/2025, 9:09:09 AM

Last enriched: 6/26/2025, 10:50:24 AM

Last updated: 8/5/2025, 6:21:48 PM
