CVE-2021-47340

5.5 MEDIUM

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's JFS filesystem implementation. When the kernel attempts to free an inode structure with a missing ipimap pointer, it triggers a General Protection Fault (GPF) that can crash the system. This affects any Linux system using the JFS filesystem.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions containing the vulnerable JFS code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if JFS filesystem is mounted and in use. Many systems don't use JFS by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash leading to denial of service, potential data corruption if the crash occurs during critical filesystem operations.

🟠 Likely Case

System crash or kernel panic resulting in denial of service, requiring a reboot to restore functionality.

🟢 If Mitigated

Minimal impact if JFS filesystem is not in use or if the system has proper monitoring and crash recovery mechanisms.

🌐 Internet-Facing: LOW - This vulnerability requires local access to the filesystem and cannot be triggered remotely.
🏢 Internal Only: MEDIUM - Local users or processes with access to JFS filesystems could potentially trigger the crash, affecting system availability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger specific JFS operations. No known public exploits as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 3bb27e27240289b47d3466f647a55c567adbdc3a, 42f102ea1943ecb10a0756bf75424de5d1d5beed, 49def1b0644892e3b113673c13d650c3060b43bc, 745c9a59422c63f661f4374ed5181740db4130a1, 7bde24bde490f3139eee147efc6d60d6040fe975

Vendor Advisory: https://git.kernel.org/stable/c/3bb27e27240289b47d3466f647a55c567adbdc3a

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable JFS filesystem

linux

Prevent loading of JFS kernel module to eliminate attack surface

echo 'install jfs /bin/false' >> /etc/modprobe.d/disable-jfs.conf
rmmod jfs 2>/dev/null || true

Unmount JFS filesystems

linux

Unmount any existing JFS filesystems to prevent exploitation

umount /path/to/jfs/mountpoint
# Match the filesystem type column exactly, so paths that merely contain "jfs" are not unmounted
awk '$3 == "jfs" {print $2}' /proc/mounts | xargs -r umount

🧯 If You Can't Patch

  • Ensure no JFS filesystems are mounted on production systems
  • Implement strict access controls to limit who can interact with JFS filesystems

🔍 How to Verify

Check if Vulnerable:

Check if JFS filesystem is in use: 'grep jfs /proc/mounts' or 'lsmod | grep jfs'. If JFS is loaded/mounted and kernel version is unpatched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from your distribution. Verify JFS module is not loaded: 'lsmod | grep -q jfs && echo "VULNERABLE" || echo "SAFE"'
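
The checks above can be combined into one exposure report. This is an added example, not part of the original advisory: it reads the type column of /proc/mounts, the registered-filesystem list in /proc/filesystems, and modprobe.d for the 'install jfs' line from the workaround. The function names and the four status words are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify how exposed a host is to the JFS code path.
# Function names and status words are assumptions of this example.

# Mount points whose filesystem type (field 3 of /proc/mounts) is exactly
# "jfs"; a plain "grep jfs" would also match paths such as /srv/jfs-backup.
jfs_mounts() {
    awk '$3 == "jfs" { print $2 }' "${1:-/proc/mounts}"
}

# True if the running kernel has JFS registered, whether built in or loaded
# as a module (last field of each /proc/filesystems line is the type name).
jfs_registered() {
    awk '$NF == "jfs" { found = 1 } END { exit !found }' "${1:-/proc/filesystems}"
}

# True if a modprobe.d file carries the "install jfs /bin/false" workaround.
jfs_blocked() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+jfs[[:space:]]+/bin/(false|true)' \
        "${1:-/etc/modprobe.d}"/*.conf
}

# Prints: mounted | registered | blocked | unblocked
jfs_exposure() {
    if [ -n "$(jfs_mounts "$1")" ]; then
        echo mounted        # JFS in active use: patch or unmount
    elif jfs_registered "$2"; then
        echo registered     # driver present, nothing mounted
    elif jfs_blocked "$3"; then
        echo blocked        # module load is disabled by the workaround
    else
        echo unblocked      # not loaded, but nothing stops it loading
    fi
}
```

With no arguments, jfs_exposure inspects the live system. A "mounted" or "registered" result still has to be checked against a kernel that carries one of the fix commits.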

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • General Protection Fault (GPF) errors
  • JFS-related crash reports

Network Indicators:

  • None - this is a local filesystem vulnerability

SIEM Query:

source="kernel" AND ("GPF" OR "NULL pointer dereference" OR "jfs" OR "diFree")
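
The query above matches any log line that mentions "jfs", including routine driver messages. The added example below (not from the original page) counts only a fault line that is followed within a few lines by a diFree frame. The sample log is constructed, and the function names and the 40-line window are assumptions.

```shell
#!/bin/sh
# Added example: correlate a kernel fault with a diFree frame in its trace.

# Constructed sample log (addresses, offsets and PIDs are made up).
sample_kernel_log() {
    cat <<'EOF'
[  101.000001] general protection fault, probably for non-canonical address 0xdead000000000000: 0000 [#1] SMP
[  101.000002] CPU: 0 PID: 4242 Comm: example Not tainted
[  101.000003] RIP: 0010:diFree+0x10/0x100
[  101.000004] Call Trace:
[  101.000005]  jfs_evict_inode+0x20/0x200
[  250.000001] JFS: nTxBlock = 8192, nTxLock = 65536
[  300.000001] general protection fault, probably for non-canonical address 0xdead000000000001: 0000 [#2] SMP
[  300.000002] RIP: 0010:example_other_func+0x10/0x100
EOF
}

# count_difree_faults LOGFILE [WINDOW]
# Prints how many fault headers are followed, within WINDOW lines, by a
# symbolised diFree frame ("diFree+0x..."). Unrelated faults and ordinary
# JFS messages are not counted.
count_difree_faults() {
    awk -v window="${2:-40}" '
        # A fault header arms the matcher and records where the oops began.
        /general protection fault|NULL pointer dereference/ { armed = NR; next }
        # A diFree frame close enough to the header completes one detection.
        armed && NR - armed <= window && /diFree\+0x/ { hits++; armed = 0 }
        END { print hits + 0 }
    ' "$1"
}
```

Feed it dmesg output or /var/log/kern.log saved to a file; a non-zero count is worth escalating, while the second fault in the sample shows why a bare "GPF" match is not.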
