CVE-2021-47106
📋 TL;DR
A use-after-free in the Linux kernel's netfilter nf_tables subsystem, found by syzbot and fixed upstream by commit 0f7d9b31ce7abdbb29bf018131ac920c9f698518 (a list walk in the catch-all set element teardown read the next pointer out of an entry it had just freed). Reaching the bug requires configuring nf_tables over netlink, which needs CAP_NET_ADMIN in a network namespace; on kernels that allow unprivileged user namespaces, any local user can obtain that capability in a namespace of their own. The reliable outcome is kernel memory corruption and a crash (denial of service); privilege escalation is possible in principle for a kernel use-after-free, but no public exploit achieving it is referenced here. Any system running an affected kernel with nf_tables built in or loadable is exposed.
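The bug class behind this CVE, as an added example that is not kernel code and is not part of the original advisory: the fix commit linked in the Fix section replaces a plain list walk in the catch-all set element teardown with a list_for_each_entry_safe()-style walk. The C below re-implements a minimal list_head, a list_del_rcu() that leaves the next pointer intact, and a static "slab" whose freed flag stands in for KASAN, so the use-after-free read of the unsafe walk is detected deterministically in userland. All names here (catchall_elem, model_kfree, uaf_read, destroy_unsafe, destroy_safe, demo_unsafe, demo_safe) are this example's own, not the kernel's.

```c
/* Added example: userland model of an iterate-and-free list walk (the bug
 * class of CVE-2021-47106). Not kernel code; the list and slab are re-done
 * here so the freed memory stays addressable and the bad read is observable. */
#include <stddef.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define LIST_POISON2 ((struct list_head *)0x122) /* kernel's poisoned prev */

static void init_list_head(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *e, struct list_head *head)
{
    e->prev = head->prev;
    e->next = head;
    head->prev->next = e;
    head->prev = e;
}

/* Like the kernel's list_del_rcu(): unlink and poison prev, but leave next
 * intact so RCU readers (and, fatally, a non-safe iterator) can follow it. */
static void list_del_rcu(struct list_head *e)
{
    e->prev->next = e->next;
    e->next->prev = e->prev;
    e->prev = LIST_POISON2;
}

static int list_empty(const struct list_head *h) { return h->next == h; }

/* Stand-in for a catch-all set element. 'freed' is bookkeeping for this
 * model's static slab only; the real kernel struct has no such field. */
struct catchall_elem {
    struct list_head list;
    int freed;
};

#define NELEMS 4
static struct catchall_elem slab[NELEMS]; /* freed memory stays addressable */

static void slab_reset(struct list_head *head)
{
    init_list_head(head);
    for (unsigned i = 0; i < NELEMS; i++) {
        slab[i].freed = 0;
        list_add_tail(&slab[i].list, head);
    }
}

static void model_kfree(struct catchall_elem *e) { e->freed = 1; }

/* Mini-KASAN: any read from an object after model_kfree() is a use-after-free. */
static int uaf_read(const struct catchall_elem *e) { return e->freed; }

/* Vulnerable pattern, list_for_each_entry() style: the entry is freed, then
 * the loop advances through e->list.next, which lives in the freed memory. */
static int destroy_unsafe(struct list_head *head, int *destroyed)
{
    struct list_head *pos = head->next;
    *destroyed = 0;
    while (pos != head) {
        struct catchall_elem *e = container_of(pos, struct catchall_elem, list);
        list_del_rcu(&e->list);
        model_kfree(e);
        (*destroyed)++;
        pos = e->list.next;      /* the read KASAN flags: e is already freed */
        if (uaf_read(e))
            return -1;
    }
    return 0;
}

/* Fixed pattern, list_for_each_entry_safe() style: the successor is saved in
 * n before the current entry is freed, so freed memory is never touched. */
static int destroy_safe(struct list_head *head, int *destroyed)
{
    struct list_head *pos, *n;
    *destroyed = 0;
    for (pos = head->next, n = pos->next; pos != head; pos = n, n = pos->next) {
        struct catchall_elem *e = container_of(pos, struct catchall_elem, list);
        list_del_rcu(&e->list);
        model_kfree(e);
        (*destroyed)++;
    }
    return 0;
}

/* Returns -1: the unsafe walk reads freed memory on its very first step. */
int demo_unsafe(void)
{
    struct list_head head;
    int destroyed;
    slab_reset(&head);
    return destroy_unsafe(&head, &destroyed);
}

/* Returns NELEMS: all elements freed, list left empty, no freed memory read. */
int demo_safe(void)
{
    struct list_head head;
    int destroyed;
    slab_reset(&head);
    if (destroy_safe(&head, &destroyed) != 0 || !list_empty(&head))
        return -1;
    return destroyed;
}

int main(void)
{
    printf("unsafe walk: %d (-1 = use-after-free detected)\n", demo_unsafe());
    printf("safe walk:   %d elements destroyed\n", demo_safe());
    return 0;
}
```

Build and run with `cc -Wall -o uaf_list_walk uaf_list_walk.c && ./uaf_list_walk` (file name assumed). In the real kernel the freed object is only reclaimed later, which is why such a walk appears to work until the allocator reuses the memory; the flag-based slab here turns that race into a deterministic check.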
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code execution in kernel context and escalation to root: a kernel heap use-after-free can in principle be turned into a controlled write, though no public exploit doing so is referenced here.
Likely Case
Kernel panic or Oops, i.e. denial of service of the whole host, triggered by any local user who can configure nf_tables (root, or anyone at all where unprivileged user namespaces are enabled).
If Mitigated
With nf_tables unloaded or not built in, or with unprivileged user namespaces disabled so that only root holds CAP_NET_ADMIN, the code path is reachable only by already-privileged users, and the residual risk is an accidental crash rather than escalation.
🎯 Exploit Status
Found by syzbot, the kernel's automated syzkaller fuzzing service. A syzbot report means a crash reproducer exists (a KASAN use-after-free splat on a debug kernel), not that a working privilege-escalation exploit does. Reaching the bug needs CAP_NET_ADMIN in some network namespace, which unprivileged user namespaces hand to any local user where they are enabled; turning the corruption into code execution would additionally need kernel heap exploitation work that no public source referenced here demonstrates.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any kernel that contains upstream commit 0f7d9b31ce7abdbb29bf018131ac920c9f698518. Distribution kernels carry the backport under their own version numbers, so check the distribution's changelog or CVE tracker rather than comparing upstream version strings.
Vendor Advisory: https://git.kernel.org/stable/c/0f7d9b31ce7abdbb29bf018131ac920c9f698518
Restart Required: Yes (the fix is in the kernel image; an updated package protects nothing until the new kernel is booted)
Instructions:
1. Update the kernel package with the distribution package manager (apt/yum/dnf/zypper).
2. Reboot into the new kernel.
3. Confirm with uname -r that the running kernel is the updated one and not the previous entry still selected by the bootloader.
🔧 Temporary Workarounds
Disable nf_tables module
Unload the nf_tables kernel module if nothing needs it. rmmod refuses while any nft_* helper module or a loaded ruleset still references it, and it cannot help at all where nf_tables is built into the kernel (CONFIG_NF_TABLES=y). Expect every firewall tool that uses the nf_tables backend to stop working: nftables, firewalld, iptables-nft, and container runtimes that drive them.
sudo rmmod nf_tables
Blacklist nf_tables module
Prevent nf_tables from loading at boot. A plain blacklist line only stops alias-based autoloading; an explicit modprobe or a dependent module still pulls it in, so add an install override that makes any load attempt fail.
printf 'blacklist nf_tables\ninstall nf_tables /bin/false\n' | sudo tee /etc/modprobe.d/blacklist-nf_tables.conf
🧯 If You Can't Patch
- Keep CAP_NET_ADMIN out of reach of unprivileged users: disable unprivileged user namespaces with sysctl user.max_user_namespaces=0, or kernel.unprivileged_userns_clone=0 on kernels that provide that knob. This is the most effective control for nf_tables bugs, but it breaks rootless containers and sandboxing tools such as bubblewrap that rely on user namespaces, so test before rolling it out.
- Restrict local shell access to trusted accounts, and keep the nf_tables module unloaded where no firewall depends on it.
🔍 How to Verify
Check if Vulnerable:
Comparing uname -r against upstream version numbers is not conclusive on distribution kernels, which backport fixes under their own versions. Ask the distribution's CVE tracker or the kernel package changelog (rpm -q --changelog, apt-get changelog) whether the running kernel carries the fix; because the CVE id was assigned in 2024 for a fix merged in December 2021, older changelog entries cite only the commit subject ("fix use-after-free in nft_set_catchall_destroy"), so search for that as well as for CVE-2021-47106. Separately, confirm whether the attack surface is present: nf_tables is reachable when the module is loaded or built in.
lsmod | grep '^nf_tables'
grep nf_tables /lib/modules/$(uname -r)/modules.builtin
Check Version:
uname -r
Verify Fix Applied:
After rebooting, confirm that uname -r shows the updated package version and that the package changelog or CVE tracker lists the fix for that version. The kernel build date in /proc/version says nothing about which patches are included.
📡 Detection & Monitoring
Log Indicators:
- KASAN reports ("BUG: KASAN: use-after-free" or "slab-use-after-free") with nf_tables functions in the backtrace in dmesg, journalctl -k or /var/log/kern.log; these appear only on KASAN-enabled debug kernels, which is what syzbot ran. Production kernels show a kernel Oops/BUG or panic instead, or nothing at all if the corrupted memory is never touched in a detectable way
- Unexpected kernel panics, Oops messages or reboots on hosts where unprivileged users were active
- Ruleset changes by unexpected users or from inside user namespaces: auditd NETFILTER_CFG records or nft monitor output are where to look
Network Indicators:
- None; the bug is reached through a local netlink socket, not over the network
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "BUG" OR "use-after-free") AND ("nf_tables" OR "nft_")