CVE-2021-46938

7.8 HIGH

📋 TL;DR

This CVE describes a double-free vulnerability in the Linux kernel's device-mapper request-based (dm-rq) subsystem. When loading a device-mapper table fails during initialization, a subsequent device removal can trigger a double-free of kernel memory, causing a kernel panic and system crash. This affects systems using device-mapper with request-based multipath or other dm-rq configurations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions are not explicitly listed; based on commit history, kernel versions before the fix commits (1cb02dc76f4c0a2749a02b26469512d6984252e9 and others) are likely affected.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems using device-mapper with request-based (dm-rq) configuration, such as multipath setups. Not all Linux systems use this configuration.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to complete system crash and denial of service, potentially causing data corruption or loss in storage systems.
🟠 Likely Case: System crash when attempting to remove a device-mapper device after a failed table load, resulting in downtime.
🟢 If Mitigated: No impact if the vulnerable code path is not triggered (no failed dm-rq table loads followed by device removal).

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring access to device-mapper operations.
🏢 Internal Only: MEDIUM - Can be triggered by privileged users or processes managing device-mapper configurations, potentially causing system-wide crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the specific error condition (failed dm-rq table load) followed by device removal. Requires privileged access to device-mapper operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 1cb02dc76f4c0a2749a02b26469512d6984252e9, 6086f957416a6e87236c06079fcaba7a3998aeca, 772b9f59657665af3b68d24d12b9d172d31f0dfb, 8ae0185255eaf05bd66f4215c81e99bf01140fd9, 8e947c8f4a5620df77e43c9c75310dc510250166

Vendor Advisory: https://git.kernel.org/stable/c/1cb02dc76f4c0a2749a02b26469512d6984252e9

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Check with your distribution for specific patched kernel packages.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

  • Avoid dm-rq configurations (linux): Do not use request-based device-mapper configurations if possible.
  • Monitor device-mapper operations (linux): Monitor for failed device-mapper table loads and avoid subsequent device removal operations.

🧯 If You Can't Patch

  • Restrict device-mapper operations to trusted administrators only
  • Implement monitoring for kernel panic events and failed device-mapper operations

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether request-based device-mapper (dm-rq) is in use. Look for kernel versions that predate the fix commits.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits. Check dmesg for absence of double-free errors during device-mapper operations.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in dmesg/system logs
  • 'double free' or 'Oops' messages in kernel logs
  • Device-mapper initialization failure logs

SIEM Query:

source="kernel" AND ("double free" OR "Oops" OR "Kernel panic" OR "device-mapper.*fail")
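The SIEM query above matches each indicator on its own; the added example below (not part of the original advisory or the kernel project) correlates them, reporting a crash indicator only once and noting whether a device-mapper failure preceded it in the same boot. The dmesg-style timestamp format, the 300-second window, the `correlate` name and the sample lines are assumptions made for illustration.

```python
import re

# Patterns are the page's own log indicators / SIEM query terms.
DM_FAIL = re.compile(r"device-mapper.*fail", re.IGNORECASE)
CRASH = re.compile(r"\b(double free|Oops|Kernel panic)\b", re.IGNORECASE)
# Assumption: dmesg-style "[seconds.micros] message" lines.
TS = re.compile(r"^\[\s*(\d+\.\d+)\]\s*(.*)$")


def correlate(lines, window=300.0):
    """Pair each crash indicator with a device-mapper failure seen at most
    `window` seconds earlier in the same boot (window is an assumed value)."""
    findings, fail, prev_ts = [], None, None
    for raw in lines:
        m = TS.match(raw.strip())
        if not m:
            continue  # not a timestamped kernel line
        ts, msg = float(m.group(1)), m.group(2)
        if prev_ts is not None and ts < prev_ts:
            fail = None  # timestamps restarted: new boot, drop stale state
        prev_ts = ts
        if DM_FAIL.search(msg):
            fail = {"ts": ts, "msg": msg, "reported": False}
        elif CRASH.search(msg):
            linked = fail is not None and ts - fail["ts"] <= window
            if linked and fail["reported"]:
                continue  # follow-on line of a crash already reported
            if linked:
                fail["reported"] = True
            findings.append({"ts": ts, "crash": msg,
                             "dm_failure": fail["msg"] if linked else None})
    return findings


# Constructed sample lines (not captured from a real system).
SAMPLE = [
    "[  118.402113] device-mapper: multipath: version 1.14.0 loaded",
    "[  120.517390] device-mapper: table load failed for dm-3",
    "[  131.002745] BUG: double free detected",
    "[  131.002990] Kernel panic - not syncing: Fatal exception",
    "[    4.771200] Oops: 0000 [#1] SMP",
]

if __name__ == "__main__":
    for f in correlate(SAMPLE):
        tag = "after dm failure" if f["dm_failure"] else "no dm failure seen"
        print(f"{f['ts']:>12.6f}  {tag}: {f['crash']}")
```

Findings with a non-empty `dm_failure` are the ones that fit the failed-load-then-crash sequence this CVE describes; the rest are crashes to triage separately.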
