CVE-2021-47276
📋 TL;DR
A memory access vulnerability in the Linux kernel's ftrace subsystem could cause kernel panics when handling invalid instruction pointer addresses. This affects Linux systems with ftrace enabled, potentially leading to denial of service. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.
Likely Case
Local denial of service if a user with appropriate privileges triggers the bug, causing system instability.
If Mitigated
Minimal impact with proper access controls limiting who can use ftrace debugging features.
🎯 Exploit Status
Requires local access and ability to trigger ftrace bug conditions. Not a remote code execution vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 0bc62e398bbd9e600959e610def5109957437b28, 3e4ddeb68751fb4fb657199a9cfd5d02796875, 4aedc2bc2b32c93555f47c95610efb89cc1ec09b, 6c14133d2d3f768e0a35128faac8aa6ed4815051, 7e4e824b109f1d41ccf223fbb0565d877d6223a2
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable ftrace
linuxPrevent access to ftrace subsystem to eliminate attack surface
echo 0 > /sys/kernel/debug/tracing/tracing_on
chmod 000 /sys/kernel/debug/tracing/tracing_on
Restrict ftrace access
linuxLimit which users can access ftrace debugging interface
chmod 600 /sys/kernel/debug/tracing/tracing_on
setfacl -m u:root:rw- /sys/kernel/debug/tracing/tracing_on
🧯 If You Can't Patch
- Restrict access to ftrace debugging interface to root only
- Implement strict user privilege separation to prevent non-admin users from accessing kernel debugging features
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions from kernel.org stable branchesCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes one of the fix commits: grep -q '0bc62e398bbd9e600959e610def5109957437b28\|3e4ddeb68751fb4fb657199a9cfd5d02796875\|4aedc2bc2b32c93555f47c95610efb89cc1ec09b\|6c14133d2d3f768e0a35128faac8aa6ed4815051\|7e4e824b109f1d41ccf223fbb0565d877d6223a2' /proc/version📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- System crash/reboot events without clear cause
- Ftrace error messages in kernel logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kern.log" AND ("kernel panic" OR "Oops" OR "ftrace" AND "bug")🔗 References
- https://git.kernel.org/stable/c/0bc62e398bbd9e600959e610def5109957437b28
- https://git.kernel.org/stable/c/3e4ddeb68751fb4fb657199aed9cfd5d02796875
- https://git.kernel.org/stable/c/4aedc2bc2b32c93555f47c95610efb89cc1ec09b
- https://git.kernel.org/stable/c/6c14133d2d3f768e0a35128faac8aa6ed4815051
- https://git.kernel.org/stable/c/7e4e824b109f1d41ccf223fbb0565d877d6223a2
- https://git.kernel.org/stable/c/862dcc14f2803c556bdd73b43c27b023fafce2fb
- https://git.kernel.org/stable/c/97524384762c1fb9b3ded931498dd2047bd0de81
- https://git.kernel.org/stable/c/acf671ba79c1feccc3ec7cfdcffead4efcec49e7
- https://git.kernel.org/stable/c/0bc62e398bbd9e600959e610def5109957437b28
- https://git.kernel.org/stable/c/3e4ddeb68751fb4fb657199aed9cfd5d02796875
- https://git.kernel.org/stable/c/4aedc2bc2b32c93555f47c95610efb89cc1ec09b
- https://git.kernel.org/stable/c/6c14133d2d3f768e0a35128faac8aa6ed4815051
- https://git.kernel.org/stable/c/7e4e824b109f1d41ccf223fbb0565d877d6223a2
- https://git.kernel.org/stable/c/862dcc14f2803c556bdd73b43c27b023fafce2fb
- https://git.kernel.org/stable/c/97524384762c1fb9b3ded931498dd2047bd0de81
- https://git.kernel.org/stable/c/acf671ba79c1feccc3ec7cfdcffead4efcec49e7
