CVE-2021-47320

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's NFS (Network File System) implementation. When the posix_acl_create() function fails during file creation operations (nfs3_proc_create and nfs3_proc_mknod), it doesn't properly free allocated ACL (Access Control List) memory, leading to gradual memory exhaustion. This affects Linux systems using NFSv3 with ACL support.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions containing the vulnerable code (exact range depends on distribution backports)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires NFSv3 with ACL support enabled; NFSv4 not affected. The vulnerability is triggered during file creation operations that fail.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes on affected systems.

🟠 Likely Case

Gradual memory consumption over time in NFS-heavy environments, potentially leading to performance degradation or service interruptions.

🟢 If Mitigated

Minimal impact with proper monitoring and memory limits in place; isolated to NFS operations only.

🌐 Internet-Facing: LOW - NFS is typically not exposed directly to the internet and requires network access to vulnerable services.
🏢 Internal Only: MEDIUM - Internal attackers with NFS access could potentially trigger the memory leak repeatedly to cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger NFS file creation failures repeatedly; memory leak is gradual rather than immediate.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with the fix backported (check specific distribution)

Vendor Advisory: https://git.kernel.org/stable/c/0704f617040c397ae73c1f88f3956787ec5d6529

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. For RHEL/CentOS: yum update kernel.
3. For Ubuntu/Debian: apt update && apt upgrade linux-image.
4. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable NFS ACL support

Disable POSIX ACL support in NFS exports to prevent triggering the vulnerable code path

Edit /etc/exports and remove 'acl' option from NFS shares
Export without ACL: /share *(rw,sync,no_subtree_check)

Limit NFS access

Restrict NFS access to trusted networks and users only

Configure /etc/exports with specific IP ranges: /share 192.168.1.0/24(rw,sync)
Use firewall rules: iptables -A INPUT -p tcp --dport 2049 -s trusted_network -j ACCEPT

🧯 If You Can't Patch

  • Disable NFSv3 and use NFSv4 instead (not affected)
  • Implement memory monitoring and alerts for kernel memory usage

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if NFSv3 with ACL is enabled: cat /proc/version && grep acl /etc/exports

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check for memory leaks during NFS operations: dmesg | grep -i 'nfs.*acl'

📡 Detection & Monitoring

Log Indicators:

  • Kernel OOM (Out of Memory) messages in dmesg
  • Increasing kernel memory usage in /proc/meminfo
  • NFS error logs with file creation failures

Network Indicators:

  • Unusual NFS traffic patterns with repeated file creation attempts

SIEM Query:

source="kernel" AND ("out of memory" OR "OOM") AND "nfs"
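One way to turn the "increasing kernel memory usage in /proc/meminfo" indicator into a check, as an added example that is not part of the original advisory. It assumes the leaked ACL objects are accounted as unreclaimable slab (the `SUnreclaim` field); the function names, the 8192 kB threshold and the sample readings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sustained growth of unreclaimable kernel slab memory.

# Print the SUnreclaim value (kB) from /proc/meminfo-formatted text on stdin.
# Exits non-zero if the field is absent.
sunreclaim_kb() {
    awk '$1 == "SUnreclaim:" { print $2; found = 1 } END { exit !found }'
}

# slab_growth_alert THRESHOLD_KB SAMPLE_KB...
# A leak grows steadily, so alert only when the samples never decrease and
# the total growth reaches THRESHOLD_KB. Prints "ALERT <delta>" or "OK <delta>".
slab_growth_alert() {
    threshold=$1; shift
    [ "$#" -ge 2 ] || { echo "need at least two samples" >&2; return 2; }
    first=$1; prev=$1; monotonic=1
    for v in "$@"; do
        if [ "$v" -lt "$prev" ]; then monotonic=0; fi
        prev=$v
    done
    delta=$((prev - first))
    if [ "$monotonic" -eq 1 ] && [ "$delta" -ge "$threshold" ]; then
        echo "ALERT $delta"
    else
        echo "OK $delta"
    fi
}

# Constructed stand-in for one /proc/meminfo reading (values are not real data).
sample_meminfo() {
    printf 'MemTotal:       8000000 kB\nSlab:           %s kB\nSUnreclaim:     %s kB\n' \
        "$(($1 + 50000))" "$1"
}

# Demo over four constructed readings taken at successive intervals.
readings=""
for kb in 120000 121500 124000 131000; do
    readings="$readings $(sample_meminfo "$kb" | sunreclaim_kb)"
done
# Unquoted on purpose so the readings split into separate arguments.
slab_growth_alert 8192 $readings
```

On a live NFSv3 client, replace the constructed readings with `sunreclaim_kb < /proc/meminfo` collected at a fixed interval, and tune the threshold to the host's normal slab variation.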
