Login Sign Up

CVE-2021-47368

8.1 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's ENETC driver where temporary stack memory is incorrectly referenced for IRQ affinity hints. When reading from /proc/irq/*/affinity_hint, the system can crash with a kernel oops. This affects systems using Linux kernels with the ENETC Ethernet controller driver.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with ENETC driver before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with ENETC Ethernet controller hardware and the enetc driver loaded.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

System crash or kernel oops when reading from /proc/irq/*/affinity_hint, resulting in denial of service.

🟢

If Mitigated

No impact if the vulnerability is patched or the affected driver is not loaded.

🌐 Internet-Facing: LOW - Requires local access to read procfs files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes can trigger the crash, affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to read /proc/irq/*/affinity_hint files. No privilege escalation or remote code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 4c4c3052911b, 6c3f1b741c6c, 6f329d9da2a5, 7237a494decfa

Vendor Advisory: https://git.kernel.org/stable/c/4c4c3052911b577920353a7646e4883d5da40c28

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to install latest kernel updates. 3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable ENETC driver

linux

Prevent loading of the vulnerable enetc driver module

echo 'blacklist enetc' >> /etc/modprobe.d/blacklist-enetc.conf
update-initramfs -u
reboot

Restrict procfs access

linux

Limit access to /proc/irq/*/affinity_hint files to prevent triggering

chmod 600 /proc/irq/*/affinity_hint

🧯 If You Can't Patch

  • Ensure only trusted users have local shell access to systems
  • Monitor system logs for kernel oops or crashes related to ENETC driver

🔍 How to Verify

Check if Vulnerable:

Check if enetc driver is loaded: lsmod | grep enetc. If loaded, check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: grep -q '4c4c3052911b\|6c3f1b741c6c\|6f329d9da2a5\|7237a494decfa' /proc/version_signature

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in /var/log/kern.log or dmesg
  • System crashes or reboots

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kern.log" AND "Oops" AND "enetc"

📊 Metadata

CVE ID: CVE-2021-47368
CVSS v3 Score: 8.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-400
Published: May 21, 2024
Last Updated: April 2, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47368, you might also want to check these:

CVE-2024-45166 9.8

UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities due to improper i...

Same vulnerability type (CWE-400)
CVE-2025-61303 9.8

This vulnerability in Hatching Triage Sandbox allows malware samples to evade detection by recursive...

Same vulnerability type (CWE-400)
CVE-2024-39462 9.8

This is a Linux kernel memory corruption vulnerability in the BCM2711 DVP clock driver where array b...

Same vulnerability type (CWE-400)