CVE-2021-47219

7.1 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in the Linux kernel's scsi_debug driver. An attacker can cause kernel memory corruption by passing specially crafted SCSI commands, potentially leading to system crashes or information disclosure. Systems using the scsi_debug driver are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if scsi_debug driver is loaded. This is typically a testing/development module not loaded by default in production systems.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to denial of service, or potential information disclosure from kernel memory.

🟠 Likely Case: System crash or instability requiring reboot.

🟢 If Mitigated: Limited impact if scsi_debug driver is not loaded or access is restricted.

🌐 Internet-Facing: LOW - scsi_debug is typically used for testing and development, not in production internet-facing systems.
🏢 Internal Only: MEDIUM - Could be exploited by local users or through compromised internal services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to send SCSI commands to the scsi_debug device, typically needing local access or compromised service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 66523553fa62c7878fc5441dc4e82be71934eb77, 8440377e1a5644779b4c8d013aa2a917f5fc83c3, f347c26836c270199de1599c3cd466bb7747caa9

Vendor Advisory: https://git.kernel.org/stable/c/66523553fa62c7878fc5441dc4e82be71934eb77

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Unload scsi_debug module

Remove the vulnerable driver if not needed

sudo rmmod scsi_debug

Blacklist scsi_debug module

Prevent scsi_debug from loading automatically

echo 'blacklist scsi_debug' | sudo tee /etc/modprobe.d/blacklist-scsi_debug.conf

🧯 If You Can't Patch

  • Ensure scsi_debug module is not loaded in production systems
  • Restrict access to SCSI devices to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check if scsi_debug module is loaded: lsmod | grep scsi_debug

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from your distribution's security advisory

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN reports for scsi_debug
  • System crashes after SCSI operations

Network Indicators:

  • Unusual SCSI command patterns to local devices

SIEM Query:

Process monitoring for scsi_debug module loading or SCSI command execution patterns
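
The checks and log indicators above can be combined into one triage pass. The script below is an added example, not part of the advisory: its function names and sample inputs are constructed for illustration, and it also recognises the standard modprobe.d `install <module> /bin/false` form, which the workaround above does not use.

```shell
#!/bin/sh
# Added example (not from the advisory): triage scsi_debug exposure from text inputs.

# Succeeds if a /proc/modules-style listing has scsi_debug in column 1.
module_loaded() {
    printf '%s\n' "$1" | awk '$1 == "scsi_debug" { found = 1 } END { exit !found }'
}

# Classify modprobe.d-style text: "hard", "soft" or "none".
# "blacklist" only stops alias-based autoloading; an "install" line that maps
# the module to /bin/false or /bin/true also stops an explicit modprobe.
block_level() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        $1 == "install" && $2 == "scsi_debug" &&
            $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { hard = 1 }
        $1 == "blacklist" && $2 == "scsi_debug" { soft = 1 }
        END { print (hard ? "hard" : (soft ? "soft" : "none")) }'
}

# Count KASAN report headers attributed to the module in kernel log text.
kasan_hits() {
    printf '%s\n' "$1" | grep -c 'BUG: KASAN: .*\[scsi_debug\]' || true
}

# $1 = module listing, $2 = modprobe.d text, $3 = kernel log text
triage() {
    if module_loaded "$1"; then state=loaded; else state=not-loaded; fi
    echo "module=$state block=$(block_level "$2") kasan_reports=$(kasan_hits "$3")"
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_MODULES='scsi_debug 126976 0 - Live 0x0000000000000000
sd_mod 61440 3 - Live 0x0000000000000000'
SAMPLE_MODPROBE='# /etc/modprobe.d/blacklist-scsi_debug.conf
blacklist scsi_debug'
SAMPLE_DMESG='[  101.100000] scsi_debug: constructed sample line
[  102.200000] BUG: KASAN: slab-out-of-bounds in example_fn+0x10/0x20 [scsi_debug]
[  102.200100] Read of size 4 at addr ffff888000000000 by task example/1234'

# On a live host, pass instead: "$(cat /proc/modules)",
# "$(cat /etc/modprobe.d/*.conf 2>/dev/null)" and "$(dmesg 2>/dev/null)".
triage "$SAMPLE_MODULES" "$SAMPLE_MODPROBE" "$SAMPLE_DMESG"
```

A result of `block=soft` means only the blacklist line is present, so the module can still be loaded by an explicit modprobe from a privileged user.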
