CVE-2021-47110

7.1 HIGH

📋 TL;DR

A memory corruption vulnerability in the Linux kernel's KVM subsystem: kvmclock is not properly disabled on all CPUs during system shutdown. This could allow attackers to corrupt memory, potentially leading to system instability or privilege escalation. It affects systems running Linux with KVM virtualization enabled.

💻 Affected Systems

Products:
  • Linux kernel with KVM virtualization
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with KVM support
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with KVM virtualization enabled and using kvmclock

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Memory corruption leading to system crash, privilege escalation, or arbitrary code execution in kernel context
🟠 Likely Case: System instability, crashes during shutdown/hibernation, or denial of service
🟢 If Mitigated: Minimal impact with proper patching and isolation of virtualization hosts

🌐 Internet-Facing: LOW - Requires local access to the host system
🏢 Internal Only: MEDIUM - Virtualization hosts in data centers could be affected by malicious local users or compromised VMs

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires local access and specific timing during shutdown/hibernation

Exploitation requires local access to trigger during system shutdown or hibernate operations

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel that includes commit 1df2dc09926f61319116c80ee85701df33577d70 or later

Vendor Advisory: https://git.kernel.org/stable/c/1df2dc09926f61319116c80ee85701df33577d70

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits
2. Check distribution-specific security advisories
3. Reboot system after kernel update

🔧 Temporary Workarounds

Disable kvmclock

linux

Use alternative clocksource instead of kvmclock

Add 'clocksource=tsc' or 'clocksource=hpet' to kernel boot parameters

🧯 If You Can't Patch

  • Isolate virtualization hosts from untrusted users
  • Avoid using hibernate/suspend features on affected systems

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if kvmclock is in use: 'cat /sys/devices/system/clocksource/clocksource0/current_clocksource'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version contains the fix commits and kvmclock is properly disabled on all CPUs during shutdown
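
An added example (not from this advisory or the kernel project) that scripts the check above together with the clocksource workaround: it reports the running kernel, whether `kvm-clock` (the name under which the kernel registers kvmclock) is the current or merely an available clocksource, and whether a `clocksource=` boot parameter is set. `SYSFS_ROOT` and `CMDLINE_FILE` are hypothetical override variables so the functions can be pointed at a test fixture.

```shell
#!/bin/sh
# Added example: kvmclock exposure check for the verification steps above.
# SYSFS_ROOT / CMDLINE_FILE are hypothetical overrides (default: the live system).

clocksource_dir() {
    printf '%s/devices/system/clocksource/clocksource0' "${SYSFS_ROOT:-/sys}"
}

# Clocksource the kernel is using right now (empty if sysfs is unreadable).
current_clocksource() {
    cat "$(clocksource_dir)/current_clocksource" 2>/dev/null || true
}

# Space-separated list of clocksources the kernel could switch to.
available_clocksources() {
    cat "$(clocksource_dir)/available_clocksource" 2>/dev/null || true
}

# Value of the last clocksource= parameter on the kernel command line, if any.
cmdline_clocksource() {
    tr ' ' '\n' 2>/dev/null < "${CMDLINE_FILE:-/proc/cmdline}" \
        | sed -n 's/^clocksource=//p' | tail -n 1
}

# Prints one of: in-use | available-not-selected | absent | unknown
kvmclock_status() {
    cur=$(current_clocksource)
    if [ -z "$cur" ]; then echo "unknown"; return 0; fi
    if [ "$cur" = "kvm-clock" ]; then echo "in-use"; return 0; fi
    case " $(available_clocksources) " in
        *" kvm-clock "*) echo "available-not-selected" ;;
        *)               echo "absent" ;;
    esac
}

report() {
    echo "kernel release:      $(uname -r)"
    echo "kvmclock status:     $(kvmclock_status)"
    echo "clocksource= (boot): $(cmdline_clocksource)"
}

report
```

A status of `in-use` on a kernel that predates the fix means the workaround has not taken effect; `available-not-selected` with a `clocksource=` value shows the boot parameter was honoured.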

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic during shutdown/hibernation
  • Memory corruption errors in kernel logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for kernel panic events or memory corruption errors during system shutdown operations
