CVE-2021-47343
📋 TL;DR
This CVE is an uninitialized variable vulnerability in the Linux kernel's device mapper btree removal function. When removal fails due to an IO read error, an uninitialized value can be assigned to the root pointer, potentially leading to out-of-bounds memory access and system crashes. This affects Linux systems using device mapper features like dm-thin.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, potentially allowing information disclosure through memory corruption.
Likely Case
System crash or kernel panic when specific device mapper operations fail due to IO errors.
If Mitigated
No impact if proper kernel patches are applied or affected device mapper features are not used.
🎯 Exploit Status
Exploitation requires specific conditions: local access, device mapper usage, and triggering IO errors during btree removal.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 4c84b3e0728ffe10d89c633694c35a02b5c477dc or later
Vendor Advisory: https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable device mapper features
linuxAvoid using dm-thin and other device mapper features that trigger the vulnerable code path
🧯 If You Can't Patch
- Monitor system logs for device mapper errors and kernel panics
- Restrict local user access to device mapper operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution's patched versions. Vulnerable if using unpatched kernel with device mapper features.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to include the fix commits. Check /proc/version or uname -r.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- General protection fault errors
- Device mapper error logs
SIEM Query:
source="kernel" AND ("general protection fault" OR "dm_btree_remove" OR "device mapper" AND error)🔗 References
- https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc
- https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3
- https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9
- https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5
- https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851
- https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a
- https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb
- https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e
- https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5
- https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc
- https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3
- https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9
- https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5
- https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851
- https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a
- https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb
- https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e
- https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5
