CVE-2021-47345
📋 TL;DR
A memory leak vulnerability exists in the Linux kernel's RDMA/CMA subsystem when rdma_resolve_route() is called multiple times on the same rdma_cm_id. This can cause gradual memory exhaustion on systems using RDMA (Remote Direct Memory Access), potentially affecting servers and high-performance computing clusters that utilize RDMA for low-latency networking.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or kernel panic/crash.
Likely Case
Gradual memory consumption over time leading to performance degradation and potential service disruption in RDMA-dependent applications.
If Mitigated
Minimal impact with proper monitoring and memory limits in place; may cause occasional performance issues.
🎯 Exploit Status
Exploitation requires ability to trigger RDMA connection state machine errors repeatedly. Requires local access or ability to interact with RDMA services.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check kernel git commits for specific fixed versions
Vendor Advisory: https://git.kernel.org/stable/c/032c68b4f5be128a2167f35b558b7cec88fe4972
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable RDMA/CMA if not needed
linuxDisable RDMA CMA subsystem if not required for system functionality
modprobe -r rdma_cm
echo 'blacklist rdma_cm' >> /etc/modprobe.d/blacklist.conf
Monitor memory usage
linuxImplement monitoring for abnormal memory consumption in RDMA processes
watch -n 60 'cat /proc/meminfo | grep -E "MemFree|MemAvailable"'
🧯 If You Can't Patch
- Implement strict memory limits for RDMA-related processes using cgroups
- Monitor system logs for RDMA connection errors and restart affected services
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if RDMA CMA module is loaded: lsmod | grep rdma_cmCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and check for memory leaks in RDMA processes over time📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- RDMA connection error logs
- Abnormal memory consumption in /var/log/messages
Network Indicators:
- Unusual RDMA connection retry patterns
SIEM Query:
source="kernel" AND ("oom" OR "out of memory") AND process="rdma"🔗 References
- https://git.kernel.org/stable/c/032c68b4f5be128a2167f35b558b7cec88fe4972
- https://git.kernel.org/stable/c/07583ba2e2d8947c3d365d97608cb436510885ac
- https://git.kernel.org/stable/c/3d08b5917984f737f32d5bee9737b9075c3895c6
- https://git.kernel.org/stable/c/40b613db3a95bc27998e4097d74c2f7e5d083a0b
- https://git.kernel.org/stable/c/4893c938f2a140a74be91779e45e4a7fa111198f
- https://git.kernel.org/stable/c/74f160ead74bfe5f2b38afb4fcf86189f9ff40c9
- https://git.kernel.org/stable/c/e2da8ce2a9543f3ca5c93369bd1fe6eeb572101a
- https://git.kernel.org/stable/c/e4e062da082a199357ba4911145f331d40139ad8
- https://git.kernel.org/stable/c/f4f553d67236145fa5fd203ed7b35b9377e19939
- https://git.kernel.org/stable/c/032c68b4f5be128a2167f35b558b7cec88fe4972
- https://git.kernel.org/stable/c/07583ba2e2d8947c3d365d97608cb436510885ac
- https://git.kernel.org/stable/c/3d08b5917984f737f32d5bee9737b9075c3895c6
- https://git.kernel.org/stable/c/40b613db3a95bc27998e4097d74c2f7e5d083a0b
- https://git.kernel.org/stable/c/4893c938f2a140a74be91779e45e4a7fa111198f
- https://git.kernel.org/stable/c/74f160ead74bfe5f2b38afb4fcf86189f9ff40c9
- https://git.kernel.org/stable/c/e2da8ce2a9543f3ca5c93369bd1fe6eeb572101a
- https://git.kernel.org/stable/c/e4e062da082a199357ba4911145f331d40139ad8
- https://git.kernel.org/stable/c/f4f553d67236145fa5fd203ed7b35b9377e19939
