CVE-2021-47363
📋 TL;DR
A division by zero vulnerability in the Linux kernel's nexthop resilient group replacement feature can cause kernel panics and system crashes. This affects Linux systems using resilient nexthop groups for network routing. The vulnerability is triggered when replacing resilient nexthop groups while traffic is being forwarded through them.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting network connectivity and requiring system reboot.
Likely Case
System crash or kernel panic when resilient nexthop groups are replaced during active traffic forwarding, causing temporary service disruption.
If Mitigated
No impact if resilient nexthop groups are not used or if a patched kernel is deployed.
🎯 Exploit Status
Exploitation requires ability to configure resilient nexthop groups and trigger replacement operations. Discovered through torture tests rather than real-world exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 563f23b002534176f49524b5ca0e1d94d8906c40 and e9d32ec26e7f01d1af13bdc687f586362546aa25
Vendor Advisory: https://git.kernel.org/stable/c/563f23b002534176f49524b5ca0e1d94d8906c40
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Avoid resilient nexthop group replacement
Do not replace resilient nexthop groups while traffic is being forwarded through them.
Disable resilient nexthop groups
Avoid using the resilient nexthop group feature if it is not required.
🧯 If You Can't Patch
- Avoid using resilient nexthop groups in network configuration
- Schedule maintenance windows for nexthop group changes when minimal traffic is present
🔍 How to Verify
Check if Vulnerable:
Check the kernel version with 'uname -r' and whether resilient nexthop groups are configured with 'ip nexthop list'.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or is newer than vulnerable versions
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- divide error messages in system logs
- nexthop-related crash dumps
Network Indicators:
- Sudden loss of routing functionality
- Network connectivity disruptions
SIEM Query:
Search for 'divide error' OR 'nexthop' OR 'kernel panic' in system logs
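The exposure check under How to Verify and the log indicators above can be scripted. The following is an added example, not part of the original advisory or of the kernel project. It assumes `ip nexthop list` marks resilient groups with `type resilient`; the sample nexthop and kernel log lines, including the placeholder symbol name, are constructed.

```shell
#!/usr/bin/env bash
# Added example: exposure check and log triage for the divide error described above.

# Print the ids of resilient nexthop groups from `ip nexthop list` output on stdin.
resilient_group_ids() {
  awk '{
    id = ""; res = 0
    for (i = 1; i <= NF; i++) {
      if ($i == "id" && i < NF) id = $(i + 1)
      if ($i == "type" && i < NF && $(i + 1) == "resilient") res = 1
    }
    if (res && id != "") print id
  }'
}

# Count "divide error" reports that mention a nexthop symbol within the next
# 15 lines of kernel log text on stdin. Requiring both cuts the noise of
# matching 'nexthop' or 'divide error' on their own.
nexthop_divide_errors() {
  awk '
    /divide error:/ { window = 15; next }
    window > 0 { window--; if (/nexthop/) { hits++; window = 0 } }
    END { print hits + 0 }
  '
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_NEXTHOPS='id 1 via 192.0.2.2 dev dummy1 scope link
id 2 via 192.0.2.3 dev dummy1 scope link
id 10 group 1/2 type resilient buckets 8 idle_timer 120 unbalanced_timer 0 unbalanced_time 0
id 20 group 1/2'

# nexthop_placeholder_fn is a placeholder symbol, not taken from a real trace.
SAMPLE_KLOG='[  100.000001] nexthop: unrelated informational line
[  245.118203] divide error: 0000 [#1] PREEMPT SMP
[  245.118290] CPU: 1 PID: 0 Comm: swapper/1 Not tainted
[  245.118377] RIP: 0010:nexthop_placeholder_fn+0x0/0x0
[  245.118901] Kernel panic - not syncing: Fatal exception in interrupt'

echo "resilient groups: $(printf '%s\n' "$SAMPLE_NEXTHOPS" | resilient_group_ids | tr '\n' ' ')"
echo "nexthop divide errors: $(printf '%s\n' "$SAMPLE_KLOG" | nexthop_divide_errors)"
# On a live host: ip nexthop list | resilient_group_ids
#                 journalctl -k | nexthop_divide_errors
```

A host that reports no resilient group ids does not exercise the affected code path; any non-zero count from the log function warrants checking the kernel version against the fix commits.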