CVE-2021-47367
📋 TL;DR
This vulnerability in the Linux kernel's virtio-net driver causes memory pages to leak when building network packets in 'big mode'. This allows attackers to cause a denial of service through memory exhaustion. Systems using Linux with virtio-net virtualization are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash or freeze due to memory exhaustion, potentially affecting multiple virtual machines on a host.
Likely Case
Degraded performance and eventual denial of service for affected virtual machines as memory becomes exhausted.
If Mitigated
Limited impact with proper memory monitoring and isolation between virtual machines.
🎯 Exploit Status
Requires local access to trigger the memory leak condition through network operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits afd92d82c9d715fb97565408755acad81573591a or f020bb63b5d2e5576acadd10e158fe3b04af67ba
Vendor Advisory: https://git.kernel.org/stable/c/afd92d82c9d715fb97565408755acad81573591a
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. Reboot system to load new kernel.
3. Verify kernel version with 'uname -r'.
🔧 Temporary Workarounds
Disable virtio-net big mode
Prevent use of the vulnerable packet building mode
echo 0 > /sys/module/virtio_net/parameters/big_packets
🧯 If You Can't Patch
- Monitor system memory usage closely for unusual increases
- Isolate affected virtualization hosts from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if virtio-net module is loaded: 'lsmod | grep virtio_net'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits and test memory stability under network load
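One way to carry out the memory monitoring and the "memory stability under network load" check described above is to sample /proc/meminfo at a fixed interval and watch for in-use memory that no category explains. This is an added example, not code from this page or from the kernel project; the function names, the set of summed fields and the thresholds are assumptions of the example, and the snapshots are constructed sample data.

```python
import re

# Categories the kernel attributes to a known use. Which fields to sum is an
# assumption of this example; adjust it for the kernels you run.
ACCOUNTED = ("MemFree", "Buffers", "Cached", "SwapCached", "AnonPages",
             "Slab", "PageTables", "KernelStack")

def parse_meminfo(text):
    """Parse the text of /proc/meminfo into {field: value in kB}."""
    info = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w()]+):\s+(\d+)", line)
        if m:
            info[m.group(1)] = int(m.group(2))
    return info

def unaccounted_kb(info):
    """Memory in use that no listed category explains (heuristic)."""
    return info["MemTotal"] - sum(info.get(k, 0) for k in ACCOUNTED)

def leak_suspected(samples, min_growth_kb, min_rising=0.8):
    """samples: parsed snapshots taken at a fixed interval under network load.
    True when unaccounted memory grew by min_growth_kb and rose in most steps."""
    series = [unaccounted_kb(s) for s in samples]
    if len(series) < 3:
        return False  # too few points to call a trend
    steps = [b - a for a, b in zip(series, series[1:])]
    rising = sum(d > 0 for d in steps) / len(steps)
    return series[-1] - series[0] >= min_growth_kb and rising >= min_rising

def constructed_snapshot(free_kb, cached_kb):
    """Constructed sample data in /proc/meminfo format, not a real capture."""
    return (f"MemTotal:        4000000 kB\nMemFree:         {free_kb} kB\n"
            f"Buffers:           50000 kB\nCached:          {cached_kb} kB\n"
            "SwapCached:            0 kB\nAnonPages:        500000 kB\n"
            "Slab:             150000 kB\nPageTables:        10000 kB\n"
            "KernelStack:        5000 kB\nHugePages_Total:       0\n")

# Free memory falls and nothing accounts for it: the pattern to flag.
LEAKY = [parse_meminfo(constructed_snapshot(2_400_000 - 40_000 * i, 800_000))
         for i in range(5)]
# Free memory falls but page cache grows by the same amount: normal I/O.
HEALTHY = [parse_meminfo(constructed_snapshot(2_400_000 - 40_000 * i,
                                              800_000 + 40_000 * i))
           for i in range(5)]

if __name__ == "__main__":
    print("leaky:", leak_suspected(LEAKY, 100_000))
    print("healthy:", leak_suspected(HEALTHY, 100_000))
```

On a live system, feed it the contents of /proc/meminfo read at each interval on the machine where virtio_net is loaded. A rising trend is a prompt to investigate rather than proof of this bug, since other direct page allocations by drivers are also unaccounted.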
📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Memory allocation failures in dmesg
Network Indicators:
- Unusual memory consumption patterns on virtualization hosts
SIEM Query:
source="kernel" AND ("Out of memory" OR "oom-killer") AND virtio_net