CVE-2021-47274
📋 TL;DR
This is a memory corruption vulnerability in the Linux kernel's tracing subsystem caused by an incorrect length check in the ftrace buffer. It allows out-of-bounds memory writes that can lead to kernel crashes or potential privilege escalation. All systems running affected Linux kernel versions are vulnerable.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to root via kernel memory corruption.
Likely Case
Kernel crashes and system instability, particularly when tracing functionality is used.
If Mitigated
Limited impact if tracing features are disabled or not in use, though the vulnerable code path still exists.
🎯 Exploit Status
Exploitation requires ability to trigger kernel tracing functions, typically requiring some level of access. The vulnerability was discovered in production environments causing crashes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple kernel versions with fixes (see commit references)
Vendor Advisory: https://git.kernel.org/stable/c/2d598902799886d67947406f26ee8e5fd2ca097f
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable ftrace/kprobes
linuxDisable kernel tracing functionality to prevent exploitation
echo 0 > /sys/kernel/debug/tracing/tracing_on
echo 0 > /proc/sys/kernel/kptr_restrict
Restrict tracing capabilities
linuxUse kernel capabilities or SELinux/AppArmor to restrict access to tracing functions
setcap -r /bin/dmesg
chmod 600 /sys/kernel/debug/tracing/*
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from using tracing functions
- Monitor system logs for kernel crashes or out-of-bounds memory access warnings
🔍 How to Verify
Check if Vulnerable:
Check kernel version against affected versions. Vulnerable if using unpatched kernel with tracing enabled.Check Version:
uname -rVerify Fix Applied:
Verify kernel version matches patched version from vendor and check that /sys/kernel/debug/tracing functions work without crashes.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- 'general protection fault' errors
- 'Out-of-bounds write' kernel messages
- Page fault errors in kernel logs
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("general protection fault" OR "Out-of-bounds" OR "page_fault" OR "BUG:")🔗 References
- https://git.kernel.org/stable/c/2d598902799886d67947406f26ee8e5fd2ca097f
- https://git.kernel.org/stable/c/31ceae385556c37e4d286cb6378696448f566883
- https://git.kernel.org/stable/c/3e08a9f9760f4a70d633c328a76408e62d6f80a3
- https://git.kernel.org/stable/c/43c32c22254b9328d7abb1c2b0f689dc67838e60
- https://git.kernel.org/stable/c/b16a249eca2230c2cd66fa1d4b94743bd9b6ef92
- https://git.kernel.org/stable/c/d63f00ec908b3be635ead5d6029cc94246e1f38d
- https://git.kernel.org/stable/c/edcce01e0e50840a9aa6a70baed21477bdd2c9f9
- https://git.kernel.org/stable/c/2d598902799886d67947406f26ee8e5fd2ca097f
- https://git.kernel.org/stable/c/31ceae385556c37e4d286cb6378696448f566883
- https://git.kernel.org/stable/c/3e08a9f9760f4a70d633c328a76408e62d6f80a3
- https://git.kernel.org/stable/c/43c32c22254b9328d7abb1c2b0f689dc67838e60
- https://git.kernel.org/stable/c/b16a249eca2230c2cd66fa1d4b94743bd9b6ef92
- https://git.kernel.org/stable/c/d63f00ec908b3be635ead5d6029cc94246e1f38d
- https://git.kernel.org/stable/c/edcce01e0e50840a9aa6a70baed21477bdd2c9f9
