CVE-2021-47393
📋 TL;DR
A kernel memory corruption vulnerability in the Linux kernel's mlxreg-fan driver allows local attackers to trigger an out-of-bounds read when enforcing fan speed limits via sysfs. This can lead to kernel crashes or potential privilege escalation. Affects systems using Mellanox hardware with CONFIG_THERMAL_STATISTICS enabled.
💻 Affected Systems
- Linux kernel with mlxreg-fan driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to root via memory corruption.
Likely Case
Kernel crash causing system instability or denial of service.
If Mitigated
Limited to local attackers with write access to sysfs fan controls; proper access controls reduce risk.
🎯 Exploit Status
Requires local access and ability to write to sysfs fan control files; exploitation requires specific hardware configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel stable releases via commits: 5c6e0bce647d9cb32a17d58ffa669b3421fcc6ca, 76bbb482d33bfcd7e9070ecf594c9ec73e01c930, a6c42ae1530f94724d3c42cf91fe3d3c5e394f8a, aa85fb7bde558bb2e364e85976b14b259c8b6fe8, e6fab7af6ba1bc77c78713a83876f60ca7a4a064
Vendor Advisory: https://git.kernel.org/stable/c/5c6e0bce647d9cb32a17d58ffa669b3421fcc6ca
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. Reboot system. 3. Verify kernel version and that mlxreg-fan module loads correctly.
🔧 Temporary Workarounds
Disable CONFIG_THERMAL_STATISTICS
linuxRebuild kernel without thermal statistics support to prevent the vulnerable code path.
Reconfigure kernel with CONFIG_THERMAL_STATISTICS=n and rebuild
Restrict sysfs access
linuxLimit write access to /sys/class/thermal/cooling_device*/cur_state files.
chmod 644 /sys/class/thermal/cooling_device*/cur_state
chown root:root /sys/class/thermal/cooling_device*/cur_state
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable configuration
- Monitor for kernel panic logs and investigate unauthorized sysfs writes
🔍 How to Verify
Check if Vulnerable:
Check if kernel has mlxreg-fan module loaded and CONFIG_THERMAL_STATISTICS enabled: lsmod | grep mlxreg_fan && grep CONFIG_THERMAL_STATISTICS /boot/config-$(uname -r)Check Version:
uname -rVerify Fix Applied:
Verify kernel version is after fix commits and test fan control via sysfs without triggering crashes.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN error reports mentioning thermal_cooling_device_stats_update
- Unexpected system reboots
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("KASAN" OR "slab-out-of-bounds" OR "thermal_cooling_device_stats_update")🔗 References
- https://git.kernel.org/stable/c/5c6e0bce647d9cb32a17d58ffa669b3421fcc6ca
- https://git.kernel.org/stable/c/76bbb482d33bfcd7e9070ecf594c9ec73e01c930
- https://git.kernel.org/stable/c/a6c42ae1530f94724d3c42cf91fe3d3c5e394f8a
- https://git.kernel.org/stable/c/aa85fb7bde558bb2e364e85976b14b259c8b6fe8
- https://git.kernel.org/stable/c/e6fab7af6ba1bc77c78713a83876f60ca7a4a064
- https://git.kernel.org/stable/c/5c6e0bce647d9cb32a17d58ffa669b3421fcc6ca
- https://git.kernel.org/stable/c/76bbb482d33bfcd7e9070ecf594c9ec73e01c930
- https://git.kernel.org/stable/c/a6c42ae1530f94724d3c42cf91fe3d3c5e394f8a
- https://git.kernel.org/stable/c/aa85fb7bde558bb2e364e85976b14b259c8b6fe8
- https://git.kernel.org/stable/c/e6fab7af6ba1bc77c78713a83876f60ca7a4a064
