CVE-2021-47247
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's mlx5e network driver allows attackers to cause kernel crashes or potentially execute arbitrary code with kernel privileges. This affects systems using Mellanox network adapters with the mlx5_core driver. The vulnerability occurs during concurrent encapsulation entry operations when the rtnl lock is removed from TC filter updates.
💻 Affected Systems
- Linux kernel with mlx5_core driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.
Likely Case
Kernel crash leading to denial of service, system instability, or data corruption in network operations.
If Mitigated
System remains stable with proper kernel patching; no impact on properly updated systems.
🎯 Exploit Status
Exploitation requires triggering concurrent encap entry operations during TC filter updates. No public exploits known as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 0d1e7a7964ce6abb28883a3906bbc20fe0009f03, b6447b72aca571632e71bb73a797118d5ce46a93, fb1a3132ee1ac968316e45d21a48703a6db0b6c3
Vendor Advisory: https://git.kernel.org/stable/c/0d1e7a7964ce6abb28883a3906bbc20fe0009f03
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.
4. Verify mlx5 driver is updated.
🔧 Temporary Workarounds
Disable mlx5 driver
Linux: Temporarily disable the vulnerable mlx5 driver if Mellanox networking is not required
modprobe -r mlx5_core
Blacklist mlx5 driver
Linux: Prevent mlx5 driver from loading at boot
echo 'blacklist mlx5_core' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict network access to systems using mlx5 driver
- Implement strict network segmentation and monitoring for abnormal traffic patterns
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mlx5_core module is loaded: lsmod | grep mlx5_core
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits and mlx5 driver version is updated
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning mlx5e_encap_take
- KASAN reports of use-after-free in mlx5_core
- System crashes during network operations
Network Indicators:
- Abnormal network traffic patterns targeting mlx5 driver systems
- Unexpected TC filter modifications
SIEM Query:
source="kernel" AND ("mlx5e_encap_take" OR "KASAN: use-after-free" OR "mlx5_core")
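The SIEM query above matches any line containing mlx5_core, which includes routine driver messages. The following added example (not part of the original advisory) narrows the log indicators to KASAN use-after-free reports and oops RIP lines that name mlx5e_encap_take; the sample log lines, the severity labels and the helper names are assumptions made for illustration.

```python
import re

# Header line of a KASAN report: "BUG: KASAN: <kind> in <func>+0x../0x.. [<module>]"
KASAN_RE = re.compile(
    r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
    r"(?: \[(?P<module>\w+)\])?"
)
PAGE_TERMS = ("mlx5e_encap_take", "KASAN: use-after-free", "mlx5_core")

def page_query(line):
    """The page's SIEM query as a plain substring OR, for comparison."""
    return any(term in line for term in PAGE_TERMS)

def classify(line):
    """Return 'high', 'medium' or None for one kernel log line."""
    m = KASAN_RE.search(line)
    if m:
        # Newer kernels report the same bug class as "slab-use-after-free".
        if not m["kind"].endswith("use-after-free"):
            return None
        if m["func"] == "mlx5e_encap_take":
            return "high"    # the symbol the page lists as an indicator
        if m["module"] == "mlx5_core":
            return "medium"  # use-after-free elsewhere in the same driver
        return None
    # x86 oops/panic output names the faulting function on its "RIP:" line.
    if "RIP:" in line and "mlx5e_encap_take" in line:
        return "high"
    return None

def triage(lines):
    """Return (severity, line) for every line worth an alert."""
    return [(sev, ln) for ln in lines if (sev := classify(ln))]

# Constructed sample lines; device addresses, offsets and the names
# mlx5e_other_fn / example_fn / example_mod are made up for illustration.
SAMPLE_LOG = [
    "kernel: mlx5_core 0000:03:00.0: firmware version: 0.0.0",
    "kernel: mlx5_core 0000:03:00.0 eth2: Link up",
    "kernel: BUG: KASAN: use-after-free in mlx5e_encap_take+0x72/0x140 [mlx5_core]",
    "kernel: BUG: KASAN: slab-use-after-free in mlx5e_other_fn+0x10/0x80 [mlx5_core]",
    "kernel: BUG: KASAN: use-after-free in example_fn+0x10/0x80 [example_mod]",
    "kernel: RIP: 0010:mlx5e_encap_take+0x72/0x140 [mlx5_core]",
    "kernel: EXT4-fs (sda1): mounted filesystem",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the constructed sample, the page's query matches six of the seven lines, while the narrowed logic alerts on three.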
🔗 References
- https://git.kernel.org/stable/c/0d1e7a7964ce6abb28883a3906bbc20fe0009f03
- https://git.kernel.org/stable/c/b6447b72aca571632e71bb73a797118d5ce46a93
- https://git.kernel.org/stable/c/fb1a3132ee1ac968316e45d21a48703a6db0b6c3
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html