CVE-2021-47375

6.2 MEDIUM

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's blktrace subsystem that allows local attackers to cause a kernel NULL pointer dereference, leading to denial of service (system crash). It affects Linux systems where blktrace is enabled and can be triggered by users with access to block device ioctl operations.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Multiple stable kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires blktrace to be enabled and users to have access to block device ioctl operations. Not vulnerable by default on most distributions.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to complete system crash and denial of service, potentially causing data corruption or loss.

🟠 Likely Case: Local denial of service through kernel crash, requiring system reboot to recover.

🟢 If Mitigated: Minimal impact if blktrace is disabled or access to block device ioctl operations is restricted.

🌐 Internet-Facing: LOW - Requires local access to trigger via ioctl operations.
🏢 Internal Only: MEDIUM - Local users or processes with block device access can cause system crashes.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access and specific timing conditions. The reproduction method is documented in the CVE description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 3815fe7371d2411ce164281cef40d9fc7b323dee, 488da313edf3abea7f7733efe011c96b23740ab5, 5afedf670caf30a2b5a52da96eb7eac7dee6a9c9, 677e362ba807f3aafe6f405c07e0b37244da5222, a5f8e86192612d0183047448d8bbe7918b3f1a26

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable blktrace

linux

Prevent use of blktrace subsystem to eliminate attack surface

echo 0 > /sys/kernel/debug/tracing/events/block/enable
rmmod blktrace

Restrict block device access

linux

Limit which users can access block device ioctl operations

chmod 600 /dev/sd*
setfacl -m u:root:rw- /dev/sd*

🧯 If You Can't Patch

  • Disable blktrace module and remove access to /sys/block/*/trace/enable
  • Implement strict access controls on block devices and monitor for suspicious ioctl activity

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the kernel exposes blktrace on its block devices: uname -r && ls /sys/block/*/trace/enable

Check Version:

uname -r

Verify Fix Applied:

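Verify kernel version is patched: confirm from your distribution's kernel changelog or security advisory that the version reported by uname -r contains one of the fix commits listed above. The command grep -q 'blk_trace_remove_queue.*running_list' /proc/kallsyms || echo 'Patched' is not a valid test: /proc/kallsyms holds one symbol name per line, so the pattern never matches and 'Patched' is printed on every kernel.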

📡 Detection & Monitoring

Log Indicators:

  • Kernel NULL pointer dereference messages
  • BUG: kernel NULL pointer dereference in trace_note
  • blktrace related crashes in dmesg

Network Indicators:

  • None - local exploit only

SIEM Query:

source="kernel" AND "NULL pointer dereference" AND "trace_note"
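
In a kernel log the oops banner and the trace_note frame are printed on separate lines, so a query that needs both strings in one event can miss the crash. The added example below (not part of the original advisory) groups each oops report and flags those that name trace_note; the sample log lines and the 60-line window are constructed assumptions.

```python
import re

# Indicators from the advisory: the oops banner and the faulting symbol.
OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace")
SYMBOL = re.compile(r"\btrace_note\b")  # not trace_note_time, blk_trace_note_*
MAX_SPAN = 60  # assumption: one oops report fits within 60 log lines

def find_blktrace_oops(lines, max_span=MAX_SPAN):
    """Return one record per NULL-deref oops whose report names trace_note."""
    hits, current = [], None

    def flush():  # keep the report only if trace_note appeared in it
        if current and current["frames"]:
            hits.append(current)

    for idx, line in enumerate(lines):
        if OOPS_START.search(line):
            flush()  # a new banner closes any report still open
            current = {"start": idx, "banner": line.strip(), "frames": []}
        elif current is not None:
            if SYMBOL.search(line):
                current["frames"].append(line.strip())
            if OOPS_END.search(line) or idx - current["start"] >= max_span:
                flush()
                current = None
    flush()  # log ended in the middle of a report
    return hits

def single_line_match(lines):
    """What a per-line AND query sees: both strings on the same line."""
    return [l for l in lines
            if "NULL pointer dereference" in l and "trace_note" in l]

# Constructed sample, not taken from a real system.
SAMPLE_LOG = """\
[  209.924987] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  209.926513] RIP: 0010:trace_note+0x86/0x360
[  209.927350]  blk_trace_note_message+0x10/0x20
[  209.930002] ---[ end trace 0000000000000000 ]---
[  300.000000] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  300.000100] RIP: 0010:other_driver_fn+0x12/0x40
[  300.000200] ---[ end trace 0000000000000000 ]---
[  400.000000] perf: sample in trace_note+0x10/0x360
""".splitlines()

if __name__ == "__main__":
    for hit in find_blktrace_oops(SAMPLE_LOG):
        print(hit["banner"], "->", hit["frames"])
```

On the sample, the grouped scan reports the first oops only, while the per-line match returns nothing.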
