CVE-2021-47277
📋 TL;DR
This CVE describes a speculative execution vulnerability in the Linux kernel's KVM hypervisor where a malicious guest VM could potentially read host kernel memory through out-of-bounds memory slot accesses. The vulnerability affects systems running KVM virtualization with untrusted guest VMs. This is a speculative execution attack similar to Spectre variants.
💻 Affected Systems
- Linux kernel with KVM virtualization
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Guest VM could read sensitive host kernel memory, potentially exposing credentials, encryption keys, or other protected data from the host system.
Likely Case
Limited information disclosure from host kernel memory to untrusted guest VMs, though exploitation requires specific conditions and gadget chains.
If Mitigated
Minimal impact with proper patching as the fix prevents speculative execution from using invalid guest frame numbers.
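The sketch below is an added illustration, not the kernel's patch and not code from the referenced commits. It shows one common way to keep an out-of-range guest frame number from being used as an index during speculation: a branchless clamp applied after the ordinary bounds check. The struct, function names and sample values are constructed for this example.

```c
#include <limits.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define BAD_HVA (~0UL)

/* Constructed stand-in for a guest memory slot; not the kernel's struct. */
struct memslot {
    unsigned long base_gfn;        /* first guest frame number covered */
    unsigned long npages;          /* number of pages in the slot */
    unsigned long userspace_addr;  /* host virtual address of page 0 */
};

/* All-ones when index < size, zero otherwise, computed without a branch.
 * Assumes size <= LONG_MAX and arithmetic right shift of negative values
 * (true for GCC and Clang). This portable form shows the arithmetic only:
 * production code must also stop the optimizer from folding it away. */
static unsigned long index_mask(unsigned long index, unsigned long size)
{
    long v = (long)~(index | (size - 1UL - index));
    return (unsigned long)(v >> (sizeof(long) * CHAR_BIT - 1));
}

/* Page offset that stays inside the slot even on a mispredicted path. */
static unsigned long clamp_offset(unsigned long offset, unsigned long npages)
{
    return offset & index_mask(offset, npages);
}

/* Translate a guest frame number to a host virtual address. */
static unsigned long slot_gfn_to_hva(const struct memslot *s, unsigned long gfn)
{
    unsigned long offset = gfn - s->base_gfn;  /* wraps if gfn < base_gfn */

    if (offset >= s->npages)
        return BAD_HVA;                        /* architectural check */
    /* The branch above can be mispredicted; the mask still bounds offset. */
    offset = clamp_offset(offset, s->npages);
    return s->userspace_addr + (offset << PAGE_SHIFT);
}

int main(void)
{
    struct memslot s = { 0x100, 16, 0x7f0000000000UL };  /* constructed values */
    printf("%#lx %#lx\n", slot_gfn_to_hva(&s, 0x105), slot_gfn_to_hva(&s, 0x110));
    return 0;
}
```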
🎯 Exploit Status
Exploitation requires building data-dependent access gadget chains and specific CPU speculative execution conditions. No known public exploits exist.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 22b87fb17a28d, 3098b86390a6b, 361ce3b917aff, 740621309b25b, or 7af299b97734c (depending on kernel version)
Vendor Advisory: https://git.kernel.org/stable/c/22b87fb17a28d37331bb9c1110737627b17f6781
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Reboot the host system.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
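Disable KVM if not needed
Linux: Remove the KVM modules if virtualization is not required. Unload the vendor module first, because kvm cannot be removed while kvm_intel or kvm_amd still depends on it.
sudo modprobe -r kvm_intel   # or kvm_amd on AMD hosts
sudo modprobe -r kvm
Restrict untrusted guest VMs
All platforms: Only run trusted guest VMs until patched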
🧯 If You Can't Patch
- Isolate virtualization hosts from sensitive networks
- Implement strict access controls and monitoring for guest VMs
🔍 How to Verify
Check if Vulnerable:
Check if running a vulnerable kernel version and KVM is loaded: 'lsmod | grep kvm' and 'uname -r'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and contains the fix commits: 'uname -r' and check kernel changelog
📡 Detection & Monitoring
Log Indicators:
- Kernel oops or crashes related to memory access
- Unusual guest VM behavior attempting invalid memory accesses
Network Indicators:
- Not network exploitable - local vulnerability only
SIEM Query:
Search for kernel panic logs or KVM module errors in system logs
🔗 References
- https://git.kernel.org/stable/c/22b87fb17a28d37331bb9c1110737627b17f6781
- https://git.kernel.org/stable/c/3098b86390a6b9ea52657689f08410baf130ceff
- https://git.kernel.org/stable/c/361ce3b917aff93123e9e966d8608655c967f438
- https://git.kernel.org/stable/c/740621309b25bbf619b8a0ba5fd50a8e58989441
- https://git.kernel.org/stable/c/7af299b97734c7e7f465b42a2139ce4d77246975
- https://git.kernel.org/stable/c/bff1fbf0cf0712686f1df59a83fba6e31d2746a0
- https://git.kernel.org/stable/c/da27a83fd6cc7780fea190e1f5c19e87019da65c
- https://git.kernel.org/stable/c/ed0e2a893092c7fcb4ff7ba74e5efce53a6f5940