CVE-2021-47175

7.1 HIGH

📋 TL;DR

This is an out-of-bounds memory access vulnerability in the Linux kernel's fq_pie network scheduler. It allows attackers with local access to cause kernel crashes or potentially execute arbitrary code. Any Linux system using the fq_pie queuing discipline is affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when fq_pie queuing discipline is configured via tc commands. Not enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution.

🟠

Likely Case

Kernel crash causing denial of service, system instability, or information disclosure through memory leaks.

🟢

If Mitigated

Limited to denial of service if proper kernel hardening and memory protections are in place.

🌐 Internet-Facing: LOW - Requires local access to trigger via network configuration commands.
🏢 Internal Only: MEDIUM - Local users or processes with CAP_NET_ADMIN capabilities can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The provided script demonstrates exploitation. Requires CAP_NET_ADMIN or root privileges to configure network queuing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 7a1bdec12e43e29cc34a4394590337069d8812ce or e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c

Vendor Advisory: https://git.kernel.org/stable/c/7a1bdec12e43e29cc34a4394590337069d8812ce

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version with 'uname -r'.

🔧 Temporary Workarounds

Disable fq_pie queuing discipline

Remove or avoid using fq_pie qdisc configuration

# tc qdisc del dev eth0 root
# Remove any fq_pie configurations from network scripts

🧯 If You Can't Patch

  • Restrict CAP_NET_ADMIN capabilities to trusted users only
  • Implement kernel hardening features like KASAN and memory protection

🔍 How to Verify

Check if Vulnerable:

Check if fq_pie module is loaded: 'lsmod | grep fq_pie' and check kernel version

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and test with the exploit script to confirm no crash

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN reports in dmesg
  • System crash/reboot events

Network Indicators:

  • Unexpected tc qdisc configurations
  • Network interface errors

SIEM Query:

source="kernel" AND ("KASAN" OR "slab-out-of-bounds" OR "fq_pie")
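
The exposure check and the log indicators above can be scripted together. This is an added example, not part of the original advisory or the kernel project: the function names and sample inputs are constructed, and it assumes the usual `qdisc <kind> <handle>: dev <name> ...` layout of `tc qdisc show` output.

```shell
#!/bin/sh
# Added example: triage helpers for the checks on this page.
# Both functions read text on stdin so they can be run on saved output.

# Print each device that has an fq_pie qdisc attached, given `tc qdisc show`
# output. Assumes the usual "qdisc <kind> <handle>: dev <name> ..." layout.
fq_pie_devices() {
    awk '$1 == "qdisc" && $2 == "fq_pie" {
             for (i = 3; i < NF; i++)
                 if ($i == "dev") { print $(i + 1); break }
         }' | sort -u
}

# Count kernel log lines matching the SIEM query terms from this page.
kernel_log_hits() {
    grep -c -E 'KASAN|slab-out-of-bounds|fq_pie' || true
}

# Constructed sample inputs (not captured from a real host).
sample_tc() {
    cat <<'EOF'
qdisc noqueue 0: dev lo root refcnt 2
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 10240p flows 1024
qdisc fq_pie 8001: dev eth1 root refcnt 2 limit 10240p flows 1024
EOF
}

sample_dmesg() {
    cat <<'EOF'
[  101.000001] eth1: link becomes ready
[  245.000002] BUG: KASAN: slab-out-of-bounds in <symbol elided>
[  245.000003] constructed trace line naming fq_pie
EOF
}

devs=$(sample_tc | fq_pie_devices)
hits=$(sample_dmesg | kernel_log_hits)
echo "interfaces using fq_pie: ${devs:-none}"
echo "kernel log lines matching indicators: $hits"

# On a live host: tc qdisc show | fq_pie_devices ; dmesg | kernel_log_hits
```

An interface listed by `fq_pie_devices` on an unpatched kernel is the configuration the Notes field describes as vulnerable; an empty result means the qdisc is not in use on that host.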
