CVE-2021-47308

6.5 MEDIUM

📋 TL;DR

This CVE describes an array index out-of-bounds vulnerability in the Linux kernel's Fibre Channel (libfc) subsystem. An attacker could potentially cause a kernel panic or execute arbitrary code by sending specially crafted Fibre Channel PRLI responses. Systems using Fibre Channel storage with vulnerable Linux kernel versions are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions between initial introduction of the bug and the fix. Check git commits for exact ranges.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if Fibre Channel (FC) storage is configured and in use. Systems without FC hardware/drivers are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.

🟠 Likely Case: Kernel panic causing system crash and denial of service, requiring physical or remote console access to reboot.

🟢 If Mitigated: No impact if system is not using Fibre Channel storage or has proper network segmentation preventing access to Fibre Channel ports.

🌐 Internet-Facing: LOW - Fibre Channel protocols are typically used in internal storage networks, not directly internet-facing.
🏢 Internal Only: MEDIUM - Requires access to Fibre Channel network and ability to send crafted PRLI responses to vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires access to the Fibre Channel network and knowledge of FC protocols. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 0fe70c15f9435bb3c50954778245d62ee38b0e03, 44651522941c623e20882b3b443f23f77de1ea8b, 4921b1618045ffab71b1050bf0014df3313a2289, 8511293e643a18b248510ae5734e4f360754348c, a4a54c54af2516caa9c145015844543cfc84316a

Vendor Advisory: https://git.kernel.org/stable/c/0fe70c15f9435bb3c50954778245d62ee38b0e03

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable Fibre Channel (Linux)

If Fibre Channel storage is not required, disable FC drivers/modules:

modprobe -r lpfc
modprobe -r qla2xxx
# Blacklist the relevant FC drivers in /etc/modprobe.d/

Network Segmentation (all platforms)

Isolate the Fibre Channel network from untrusted systems.

🧯 If You Can't Patch

  • Implement strict network segmentation for Fibre Channel SAN
  • Monitor Fibre Channel traffic for anomalous PRLI responses

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether Fibre Channel modules are loaded: 'uname -r' and 'lsmod | grep -E "lpfc|qla"'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and system remains stable during FC operations
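The module check above can be scripted so that it also looks for the libfc module itself, which is the subsystem this CVE names. The following is an added example, not code from the advisory or the kernel project; the function names and the sample module list are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise Fibre Channel module exposure from input in
# /proc/modules format (fields: name size refcount dependents state address).
# Limitation: a libfc built into the kernel image is not listed in
# /proc/modules, so this covers the loadable-module case only.

fc_module_report() {
    # Reads /proc/modules-format lines on stdin.
    awk '
        $1 == "libfc" {
            libfc = 1
            users = $4
            sub(/,$/, "", users)            # dependents list ends with a comma
            if (users == "-") users = "none"
        }
        # Driver names taken from the workaround section of this page.
        $1 == "lpfc" || $1 == "qla2xxx" { hba = hba (hba ? "," : "") $1 }
        END {
            if (libfc) print "libfc=loaded users=" users
            else       print "libfc=absent"
            print "fc_hba=" (hba ? hba : "none")
        }
    '
}

fc_exposed() {
    # Exit status 0 when libfc is loaded, non-zero otherwise.
    fc_module_report | grep '^libfc=loaded' >/dev/null
}

# Constructed sample in /proc/modules format (not captured from a real host).
sample_modules() {
    cat <<'EOF'
fcoe 36864 0 - Live 0x0000000000000000
libfcoe 86016 1 fcoe, Live 0x0000000000000000
libfc 155648 2 fcoe,libfcoe, Live 0x0000000000000000
scsi_transport_fc 81920 3 fcoe,libfc,qla2xxx, Live 0x0000000000000000
qla2xxx 1028096 0 - Live 0x0000000000000000
EOF
}

# Demo on the constructed sample; on a live host: fc_module_report < /proc/modules
sample_modules | fc_module_report
```

Pair the result with `uname -r` and your distribution's advisory to decide whether the running kernel still needs the fix.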

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • FC driver error messages in dmesg
  • System crash/reboot events

Network Indicators:

  • Unusual FC PRLI response patterns
  • FC traffic from unauthorized sources

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "libfc")
