CVE-2021-47103

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's networking subsystem where improper RCU (Read-Copy-Update) handling of socket destination cache (sk_rx_dst) allows freed memory to be accessed. This can lead to kernel crashes, privilege escalation, or information disclosure. All Linux systems using affected kernel versions are potentially vulnerable.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific versions between 5.16-rc5 and patched versions; exact range depends on distribution backports.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires network traffic processing; IPv4 and IPv6 implementations are affected. Early demux feature must be enabled (default in most configurations).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, potential privilege escalation to root, or arbitrary code execution in kernel context.

🟠

Likely Case

System instability, kernel crashes, denial of service, or information leaks from kernel memory.

🟢

If Mitigated

Minor performance impact from early demux operations with proper RCU handling.

🌐 Internet-Facing: MEDIUM - Requires network traffic to trigger, but exploitation complexity is high.
🏢 Internal Only: MEDIUM - Internal network traffic could also trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires precise timing to trigger use-after-free during network packet processing. Syzbot found this through fuzzing, indicating potential for automated exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel versions with commits 0249a4b8a554f2eb6a27b62516fa50168584faa4 and related stable backports

Vendor Advisory: https://git.kernel.org/stable/c/0249a4b8a554f2eb6a27b62516fa50168584faa4

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. For Red Hat/CentOS: yum update kernel.
3. For Ubuntu/Debian: apt update && apt upgrade linux-image.
4. For custom kernels: apply patches from kernel.org stable tree.
5. Reboot system after update.

🔧 Temporary Workarounds

Disable early demux

linux

Disables the early demultiplexing feature that triggers the vulnerable code path

# Run as root. There is no /proc/sys/net/ipv6/tcp_early_demux;
# the net.ipv4 setting below also controls TCP early demux for IPv6.
echo 0 > /proc/sys/net/ipv4/tcp_early_demux

🧯 If You Can't Patch

  • Implement network segmentation to limit exposure
  • Use host-based firewalls to restrict unnecessary network traffic

🔍 How to Verify

Check if Vulnerable:

Check the kernel version with uname -r and compare it with your distribution's security advisories. The system is vulnerable if it runs an affected kernel version without the patches.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update and check that /proc/sys/net/ipv4/tcp_early_demux returns 1 (if re-enabled).
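A check for the workaround and verification steps above, as an added example that is not part of the original advisory: it reads the early-demux sysctls from a /proc tree and reports whether TCP early demux is currently off. The ip_early_demux master switch is not named on this page but is a standard net.ipv4 sysctl; the function names and the proc-root argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the advisory): report early-demux sysctl state.
# The proc-root argument is an assumption of this sketch so the check can be
# pointed at a copied or constructed /proc tree; it defaults to the live /proc.

# Print one "name=value" line per sysctl, or "name=missing" if unreadable.
# Both live under net.ipv4 and also govern IPv6 early demux.
early_demux_state() {
    root=${1:-/proc}
    for name in ip_early_demux tcp_early_demux; do
        f="$root/sys/net/ipv4/$name"
        if [ -r "$f" ]; then
            printf '%s=%s\n' "$name" "$(cat "$f")"
        else
            printf '%s=missing\n' "$name"
        fi
    done
}

# Return status: 0 = TCP early demux is off (workaround active),
#                1 = TCP early demux is on,
#                2 = state could not be determined.
tcp_early_demux_disabled() {
    state=$(early_demux_state "${1:-/proc}")
    ip=$(printf '%s\n' "$state" | sed -n 's/^ip_early_demux=//p')
    tcp=$(printf '%s\n' "$state" | sed -n 's/^tcp_early_demux=//p')
    case "$ip,$tcp" in
        0,*|*,0) return 0 ;;   # master switch or TCP switch is off
        1,1)     return 1 ;;
        *)       return 2 ;;
    esac
}

# Stand-alone use: print the running kernel release and the live state.
printf 'kernel=%s\n' "$(uname -r)"
early_demux_state /proc
```

A status of 0 only says the workaround is in place; whether the kernel itself is fixed still has to be checked against the distribution's advisory for the release printed on the first line.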

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • KASAN reports of use-after-free in networking code
  • System crashes during network traffic processing

Network Indicators:

  • Unusual network traffic patterns targeting early demux operations
  • Increased TCP connection failures

SIEM Query:

source="kernel" AND ("KASAN" OR "use-after-free" OR "sk_rx_dst" OR "tcp_v4_early_demux")
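The same query terms applied to raw syslog text, as an added example that is not part of the original advisory: it counts the four indicators on kernel-logged lines only and extracts the symbol named in each KASAN use-after-free headline. The function names are assumptions of this sketch and the log lines are constructed samples, not output from an affected system.

```shell
#!/bin/sh
# Added example (not from the advisory): apply the SIEM query terms to
# syslog-style text read from stdin.

# Print "<term> <count>" for each of the page's four terms, counting only
# lines logged by the kernel (the query's source="kernel" condition).
count_indicators() {
    awk '
        BEGIN { n = split("KASAN use-after-free sk_rx_dst tcp_v4_early_demux", term, " ") }
        / kernel: / {
            for (i = 1; i <= n; i++)
                if (index($0, term[i])) hits[term[i]]++
        }
        END { for (i = 1; i <= n; i++) printf "%s %d\n", term[i], hits[term[i]] }
    '
}

# Print the symbol named in each KASAN use-after-free headline, so reports
# from unrelated subsystems can be separated from early-demux ones.
# The [a-z-]* prefix also accepts the "slab-use-after-free" wording.
kasan_uaf_symbols() {
    sed -n 's/.* kernel: .*BUG: KASAN: [a-z-]*use-after-free in \([A-Za-z0-9_.]*\).*/\1/p'
}

# Constructed sample lines (offsets, addresses and hosts are placeholders).
sample_log() {
    cat <<'EOF'
Jan 10 03:14:07 host1 kernel: [  812.100001] BUG: KASAN: use-after-free in tcp_v4_early_demux+0x0/0x0
Jan 10 03:14:07 host1 kernel: [  812.100002] Read of size 2 at addr ffff000000000000 by task swapper/0/0
Jan 10 03:14:09 host1 sshd[411]: Accepted publickey for ops from 192.0.2.10
Jan 10 03:15:30 host1 kernel: [  895.200001] BUG: KASAN: use-after-free in example_driver_fn+0x0/0x0
Jan 10 03:16:00 host1 app[77]: note: KASAN mentioned by a userspace program
EOF
}

# Stand-alone use: run both passes over the constructed sample.
sample_log | count_indicators
sample_log | kasan_uaf_symbols
```

KASAN lines appear only on kernels built with CONFIG_KASAN, so on production kernels a zero count does not show that the bug was not hit.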
