CVE-2021-47390

7.1 HIGH

📋 TL;DR

This CVE describes a stack-based out-of-bounds memory access in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem. The flaw occurs because the ioapic_write_indirect() function allocates its vcpu_bitmap on the stack incorrectly, allowing kernel stack memory to be read. It affects systems running Linux with KVM virtualization enabled.

💻 Affected Systems

Products:
  • Linux kernel with KVM virtualization
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with KVM support
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with KVM virtualization enabled and running virtual machines.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure of kernel stack memory could lead to privilege escalation or kernel crash, potentially allowing attackers to gain root access or cause denial of service.

🟠 Likely Case

Information disclosure of kernel memory, potentially exposing sensitive data or causing system instability.

🟢 If Mitigated

Limited impact with proper access controls and virtualization isolation, though information disclosure risk remains.

🌐 Internet-Facing: LOW - Requires local access to the host system or compromise of a guest VM.
🏢 Internal Only: MEDIUM - Malicious users or compromised VMs on the same host could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to the host system or ability to run code in a guest VM. The vulnerability is a read-only memory disclosure, not a write vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel commits: 2f9b68f57c6278c322793a06063181deded0ad69, 99a9e9b80f19fc63be005a33d76211dd23114792, bebabb76ad9acca8858e0371e102fb60d708e25b

Vendor Advisory: https://git.kernel.org/stable/c/2f9b68f57c6278c322793a06063181deded0ad69

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Check your distribution's security advisories for the specific patched kernel versions.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Disable KVM virtualization (Linux)

Unload the KVM modules and blacklist them so they are not auto-loaded again. All guests on the host must be stopped first, and this workaround removes virtualization from the host entirely until the kernel is patched.

# Stop all guests first; then unload the vendor module before kvm, which it depends on
echo 'blacklist kvm' >> /etc/modprobe.d/blacklist.conf
rmmod kvm_intel 2>/dev/null || rmmod kvm_amd   # rmmod kvm alone fails while these are loaded
rmmod kvm

🧯 If You Can't Patch

  • Restrict access to virtualization hosts to trusted users only
  • Implement strict VM isolation and monitor for unusual guest behavior

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the KVM modules are loaded:

lsmod | grep kvm

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel version includes the fix commits, or confirm the patched version against your distribution's security advisory.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN reports of stack-out-of-bounds access
  • System crashes related to KVM

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Search for kernel logs containing 'KASAN: stack-out-of-bounds' or 'ioapic_write_indirect' errors
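The following script is an added example, not part of the advisory or the kernel project, that turns the verification and detection guidance above into something that can be run on a host: it scans kernel log text for the indicators named in the Log Indicators and SIEM Query entries, and reports whether the kvm core or vendor module is loaded. The function names, the regular expression, and the sample log and lsmod excerpts are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the advisory): scan kernel log text for the
# indicators the Detection section names, and report whether the KVM
# modules are currently loaded. Sample inputs below are constructed.

# Patterns taken from the advisory's Log Indicators / SIEM Query entries.
KVM_INDICATOR_RE='KASAN: stack-out-of-bounds|ioapic_write_indirect|Kernel panic'

# Print every line of the log text on stdin that matches an indicator.
# Live usage: dmesg | scan_kvm_indicators   (or journalctl -k | scan_kvm_indicators)
scan_kvm_indicators() {
    grep -E "$KVM_INDICATOR_RE"
}

# Return the number of indicator lines in the text passed on stdin.
count_kvm_indicators() {
    scan_kvm_indicators | wc -l | tr -d ' '
}

# Print 'loaded' if the kvm core or a vendor module appears in lsmod-style
# output on stdin, otherwise 'not-loaded'. Live usage: lsmod | kvm_module_state
kvm_module_state() {
    if awk '$1 == "kvm" || $1 == "kvm_intel" || $1 == "kvm_amd" { found=1 } END { exit !found }'; then
        echo loaded
    else
        echo not-loaded
    fi
}

# Constructed sample kernel log excerpt (not real output): one benign line
# and two lines that match the advisory's indicators.
SAMPLE_LOG='kernel: usb 1-1: new high-speed USB device number 2
kernel: BUG: KASAN: stack-out-of-bounds in kvm_make_scan_ioapic_request_mask+0x0/0x0
kernel: Call Trace: ioapic_write_indirect+0x0/0x0'

# Constructed lsmod-style output (not real output) for an Intel host.
SAMPLE_LSMOD='Module                  Size  Used by
kvm_intel             245760  0
kvm                   753664  1 kvm_intel'

# Run the functions over the constructed samples.
run_samples() {
    printf '%s\n' "$SAMPLE_LOG" | scan_kvm_indicators
    printf 'indicator lines: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_kvm_indicators)"
    printf 'kvm modules: %s\n' "$(printf '%s\n' "$SAMPLE_LSMOD" | kvm_module_state)"
}

run_samples
```

On a real host, feed `dmesg` or `journalctl -k` into scan_kvm_indicators and `lsmod` into kvm_module_state; a host where kvm_module_state reports not-loaded is not exposed to this issue regardless of kernel version, which matches the Notes entry above.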
