CVE-2021-47118
📋 TL;DR
This Linux kernel vulnerability allows a local attacker to trigger a use-after-free condition by modifying the cad_pid sysctl parameter, which could lead to kernel memory corruption, crashes, or potential privilege escalation. It affects Linux systems running vulnerable kernel versions where the cad_pid initialization lacks proper reference counting. The vulnerability requires local access to the system.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or privilege escalation to root via memory corruption leading to arbitrary code execution in kernel context.
Likely Case
Kernel crash or system instability when cad_pid sysctl is modified, potentially causing denial of service.
If Mitigated
No impact if patched or if sysctl modifications are restricted via proper access controls.
🎯 Exploit Status
Exploitation requires local access and ability to modify sysctl parameters. The vulnerability was discovered through fuzzing with Syzkaller, suggesting potential for reliable exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel versions with commits: 0711f0d7050b9e07c44bc159bbc64ac0a1022c7f, 2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff, 4dbd8808a591b49b717862e6e0081bcf14a87788, 7178be006d495ffb741c329012da289b62dddfe6, 764c2e892d1fe895392aff62fb353fdce43bb529
Vendor Advisory: https://git.kernel.org/stable/c/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Restrict cad_pid sysctl access
Limit write access to /proc/sys/kernel/cad_pid to prevent triggering the vulnerability
chmod 644 /proc/sys/kernel/cad_pid
sysctl -w kernel.cad_pid=1
🧯 If You Can't Patch
- Restrict sysctl write permissions using capabilities or SELinux/AppArmor policies
- Monitor for unauthorized attempts to modify kernel parameters
🔍 How to Verify
Check if Vulnerable:
Run uname -r and compare the result against the affected versions (v2.6.19 to v5.13-rc3). Also check whether /proc/sys/kernel/cad_pid exists and is writable.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is newer than affected range and check that cad_pid initialization has proper reference counting in kernel source.
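The two checks above can be scripted as a read-only screen; this is an added example, not part of the original advisory or the kernel project, and the function names are hypothetical. It assumes only "-rcN" suffixes matter for the v5.13 boundary. Because the fix is listed as several stable commits, a kernel inside the numeric range may already carry it, so an in-range result means "check the vendor changelog", not "vulnerable".

```shell
#!/bin/sh
# Read-only screen for CVE-2021-47118 exposure (added example; writes nothing).

# in_affected_range VERSION -> exit 0 if VERSION (uname -r style) falls inside
# the range this page lists, v2.6.19 to v5.13-rc3. Distribution suffixes such
# as "-8-amd64" are ignored; only "-rcN" is interpreted (assumption).
in_affected_range() {
    printf '%s\n' "$1" | awk '{
        s = $0; sub(/^v/, "", s); sub(/[-+].*/, "", s)
        split(s, p, ".")
        v = p[1] * 1000000 + p[2] * 1000 + p[3]
        rc = 0
        if (match($0, /-rc[0-9]+/)) rc = substr($0, RSTART + 3, RLENGTH - 3) + 0
        if (v < 2006019) exit 1                         # before v2.6.19
        if (v < 5013000) exit 0                         # v2.6.19 .. v5.12.x
        if (v == 5013000 && rc >= 1 && rc <= 3) exit 0  # v5.13-rc1 .. rc3
        exit 1                                          # v5.13-rc4 and later
    }'
}

# mode_allows_nonowner_write OCTAL_MODE -> exit 0 if group or other may write.
mode_allows_nonowner_write() {
    [ $(( 0$1 & 022 )) -ne 0 ]
}

# report [VERSION]: print findings for VERSION (default: the running kernel).
report() {
    kver=${1:-$(uname -r)}
    f=/proc/sys/kernel/cad_pid
    if in_affected_range "$kver"; then
        echo "$kver: inside listed range; confirm the fix in the vendor changelog"
    else
        echo "$kver: outside listed range"
    fi
    if [ -e "$f" ]; then
        mode=$(stat -c '%a' "$f" 2>/dev/null)
        if mode_allows_nonowner_write "${mode:-0}"; then
            echo "$f: mode $mode lets non-owners write"
        else
            echo "$f: mode ${mode:-unknown}, no group/other write bit"
        fi
    else
        echo "$f: not present"
    fi
    return 0
}

report
```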
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN use-after-free reports in dmesg
- Unexpected system crashes
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("KASAN: use-after-free" OR "BUG: KASAN" OR "cad_pid")
🔗 References
- https://git.kernel.org/stable/c/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f
- https://git.kernel.org/stable/c/2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff
- https://git.kernel.org/stable/c/4dbd8808a591b49b717862e6e0081bcf14a87788
- https://git.kernel.org/stable/c/7178be006d495ffb741c329012da289b62dddfe6
- https://git.kernel.org/stable/c/764c2e892d1fe895392aff62fb353fdce43bb529
- https://git.kernel.org/stable/c/b8ff869f20152fbe66b6c2e2715d26a2f9897cca
- https://git.kernel.org/stable/c/d106f05432e60f9f62d456ef017687f5c73cb414
- https://git.kernel.org/stable/c/f86c80515a8a3703e0ca2e56deb50fc2879c5ea4