Login Sign Up

CVE-2021-47309

7.1 HIGH
Denial of Service

📋 TL;DR

A Linux kernel vulnerability in the skb_tunnel_info() function allows reading kernel memory beyond allocated bounds when processing certain network packets. This affects systems using Linux kernel networking features like VXLAN or MPLS tunnels. Attackers could potentially leak sensitive kernel memory information or cause denial of service.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution, generally pre-5.13 with backports)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using specific network tunneling features like VXLAN or MPLS. Systems not using these features are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory disclosure leading to information leakage, potential privilege escalation if combined with other vulnerabilities, or system crashes causing denial of service.

🟠

Likely Case

Information disclosure of kernel memory contents, potentially revealing sensitive data or causing system instability/crashes.

🟢

If Mitigated

Limited impact with proper network segmentation and minimal use of affected tunneling protocols.

🌐 Internet-Facing: MEDIUM - Requires specific network configurations (VXLAN/MPLS tunnels) and packet processing, but could be triggered by crafted packets.
🏢 Internal Only: MEDIUM - Internal systems using affected tunneling protocols remain vulnerable to internal attackers or compromised systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires ability to send crafted network packets to systems using vulnerable tunneling configurations. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 67a9c94317402b826fc3db32afc8f39336803d97 and related stable backports

Vendor Advisory: https://git.kernel.org/stable/c/67a9c94317402b826fc3db32afc8f39336803d97

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. For RHEL/CentOS: yum update kernel. 3. For Ubuntu/Debian: apt update && apt upgrade linux-image. 4. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable affected tunneling protocols

linux

Disable VXLAN and MPLS tunneling if not required

modprobe -r vxlan
modprobe -r mpls_iptunnel

Network segmentation

all

Restrict network access to systems using vulnerable tunneling protocols

🧯 If You Can't Patch

  • Disable VXLAN and MPLS tunneling features if not essential for operations
  • Implement strict network filtering to prevent unauthorized access to systems using these tunneling protocols

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if VXLAN/MPLS modules are loaded: uname -r && lsmod | grep -E 'vxlan|mpls_iptunnel'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and check for absence of KASAN errors in dmesg: dmesg | grep -i 'KASAN'

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN error messages in dmesg
  • System crash reports

Network Indicators:

  • Unusual traffic patterns to VXLAN/MPLS ports
  • Malformed tunnel packets

SIEM Query:

source="kernel" AND ("KASAN" OR "slab-out-of-bounds" OR "vxlan" OR "mpls_iptunnel")

📊 Metadata

CVE ID: CVE-2021-47309
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-125
Published: May 21, 2024
Last Updated: December 26, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47309, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)