CVE-2021-47290
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's SCSI target subsystem allows local attackers to cause a kernel panic (denial of service) when EXTENDED COPY operations complete. This affects systems using LIO (Linux-IO) target with CPU affinity control enabled. Attackers with local access can crash the kernel.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
Local denial of service through kernel crash when EXTENDED COPY operations are performed.
If Mitigated
Minimal impact if CPU affinity control is disabled or systems don't use EXTENDED COPY functionality.
🎯 Exploit Status
Exploitation requires local access and ability to perform EXTENDED COPY operations through LIO target.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits a47fa41381a09e5997afd762664db4f5f6657e03 or e7732c5a19a15a62b0b23fd683a639b0483e1f40
Vendor Advisory: https://git.kernel.org/stable/c/a47fa41381a09e5997afd762664db4f5f6657e03
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable CPU affinity control
Disable the CPU affinity feature that triggers the NULL pointer dereference
echo 0 > /sys/kernel/config/target/core/$WWPN/$TPG/cmd_compl_affinity
Disable EXTENDED COPY support
Prevent use of vulnerable EXTENDED COPY functionality
Modify LIO configuration to disable XCOPY support
🧯 If You Can't Patch
- Restrict local user access to systems using LIO target
- Monitor for kernel panic events and investigate EXTENDED COPY usage
🔍 How to Verify
Check if Vulnerable:
Check the kernel version with uname -r, then check /sys/kernel/config/target/ for cmd_compl_affinity settings to see whether an LIO target with CPU affinity is configured.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits: grep -q 'a47fa41381a09e5997afd762664db4f5f6657e03\|e7732c5a19a15a62b0b23fd683a639b0483e1f40' /proc/version_signature
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages with NULL pointer dereference at target_complete_cmd
- BUG: kernel NULL pointer dereference in target_core_mod
Network Indicators:
- SCSI EXTENDED COPY command traffic to affected systems
SIEM Query:
source="kernel" AND "NULL pointer dereference" AND "target_complete_cmd"
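The SIEM query above needs both strings in one event, but a kernel oops is written as separate log lines, so it can miss the crash when each line is ingested on its own. The following is an added example, not part of the original page: it groups oops lines into reports before matching, and the sample log, its offsets and the example_* names are constructed.

```python
import re

# An oops is a multi-line report: group lines between these markers.
OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace")
SYMBOL = re.compile(r"\btarget_complete_cmd\b")   # symbol from the page's indicators
TS = re.compile(r"^\[\s*(\d+\.\d+)\]")

# Constructed sample log (offsets, addresses and example_* names are made up).
SAMPLE = """\
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  101.000002] RIP: 0010:target_complete_cmd+0x0/0x0 [target_core_mod]
[  101.000003] Call Trace:
[  101.000004]  example_caller+0x0/0x0
[  101.000005] ---[ end trace 0000000000000000 ]---
[  202.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  202.000002] RIP: 0010:example_unrelated_fn+0x0/0x0 [example_mod]
[  202.000003] ---[ end trace 0000000000000000 ]---
[  303.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  303.000002] RIP: 0010:target_complete_cmd+0x0/0x0 [target_core_mod]
""".splitlines()

def oops_blocks(lines, max_span=80):
    """Yield each NULL-dereference oops as a list of its log lines."""
    block = None
    for line in lines:
        if OOPS_START.search(line):
            if block:
                yield block              # previous report never reached its end marker
            block = [line]
        elif block is not None:
            block.append(line)
            if OOPS_END.search(line) or len(block) >= max_span:
                yield block
                block = None
    if block:
        yield block                      # log cut off, e.g. the host panicked

def find_target_oops(lines):
    """Return one record per oops that references target_complete_cmd."""
    hits = []
    for block in oops_blocks(lines):
        if not any(SYMBOL.search(l) for l in block):
            continue
        rip = next((l for l in block if "RIP:" in l), "")
        m = TS.match(block[0])
        hits.append({"time": float(m.group(1)) if m else None, "lines": len(block),
                     "faulting": bool(SYMBOL.search(rip))})  # symbol in RIP itself
    return hits
```

Pass it the lines of dmesg output or a saved kernel log; the third sample report has no end marker, as happens when the host panics before the trace completes, and is still returned.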