CVE-2021-47397
📋 TL;DR
This CVE describes a null pointer dereference vulnerability in the Linux kernel's SCTP (Stream Control Transmission Protocol) implementation. It allows attackers to cause a kernel panic or denial of service by sending specially crafted network packets. Systems running vulnerable Linux kernel versions with SCTP enabled are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel crash leading to system reboot and denial of service, potentially disrupting critical services.
Likely Case
Localized denial of service affecting SCTP services or network connectivity on the targeted system.
If Mitigated
Minimal impact if SCTP is disabled or systems are not exposed to untrusted networks.
🎯 Exploit Status
Exploitation requires crafting SCTP packets; no public proof-of-concept known, but syzbot reports indicate it's triggerable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: fixed by the stable kernel commits listed in the CVE record (e.g., 77bc7dcf0fcc, 8180611c238e).
Vendor Advisory: https://git.kernel.org/stable/c/77bc7dcf0fcc1519341a91788d7a2914fcfddf6d
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version from your distribution's repository.
2. Reboot the system to apply the kernel update.
🔧 Temporary Workarounds
Disable the SCTP kernel module
Prevents exploitation by unloading the SCTP module if it is not needed, and blacklisting it so it is not loaded again.
sudo modprobe -r sctp
echo 'blacklist sctp' | sudo tee /etc/modprobe.d/blacklist-sctp.conf
🧯 If You Can't Patch
- Restrict network access to SCTP ports (default 9899, 9900) using firewalls.
- Monitor systems for crashes or unusual SCTP traffic and isolate affected machines.
🔍 How to Verify
Check if Vulnerable:
Check the running kernel version and whether the SCTP module is loaded: uname -r and lsmod | grep sctp.
Check Version:
uname -r
Verify Fix Applied:
Confirm that the running kernel version is one your distribution's advisory lists as patched, and that the SCTP module is either not loaded or comes from the updated kernel.
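As an added example (this script is mine, not part of the advisory or of the kernel project), the check below reports whether SCTP is loaded, built into the kernel, or blocked by modprobe.d, which covers both the workaround above and this verification step. The function name sctp_status and its status words are my own choice; the file formats it reads (/proc/modules, modules.builtin, modprobe.d) are the standard ones and are passed in as paths so the check also runs against copies collected from another host.

```shell
#!/bin/sh
# Added example, not part of the advisory. Reports how SCTP is present on a
# host so the workaround (modprobe -r + blacklist) can be verified. Every
# input is a path, so the check runs against live files or offline copies:
#   $1  /proc/modules (what lsmod reads)
#   $2  /lib/modules/$(uname -r)/modules.builtin
#   $3  /etc/modprobe.d
# Prints one status word per line ("builtin", "loaded", "blocked") and
# returns 0 only when SCTP is neither loaded nor built into the kernel.
sctp_status() {
    modules_file=$1
    builtin_file=$2
    modprobe_dir=$3
    rc=0

    # CONFIG_IP_SCTP=y: the code is compiled in, modprobe -r cannot remove it
    # and only a patched kernel closes the bug.
    if [ -r "$builtin_file" ] && grep -q '/sctp\.ko$' "$builtin_file"; then
        echo "builtin"
        rc=1
    fi

    # Module currently loaded: its name is the first field of /proc/modules.
    if [ -r "$modules_file" ] &&
       awk '$1 == "sctp" { found = 1 } END { exit !found }' "$modules_file"; then
        echo "loaded"
        rc=1
    fi

    # modprobe.d keeps the module from coming back: "blacklist" stops
    # alias-based autoload (the kernel requests the module when a process
    # opens an SCTP socket), "install sctp /bin/false" also stops an
    # explicit modprobe.
    if [ -d "$modprobe_dir" ] &&
       grep -qsE '^[[:space:]]*(blacklist|install)[[:space:]]+sctp([[:space:]]|$)' \
            "$modprobe_dir"/*.conf; then
        echo "blocked"
    fi

    return "$rc"
}

# Run against the live system when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    sctp_status /proc/modules "/lib/modules/$(uname -r)/modules.builtin" /etc/modprobe.d
fi
```

A "builtin" result means the module workaround does not apply at all: there is nothing to unload, and only the kernel update removes the vulnerable code. A "loaded" result after the workaround was applied means the blacklist did not take effect (for example, something ran modprobe sctp explicitly, which blacklist alone does not prevent).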
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs in /var/log/kern.log or dmesg output indicating null pointer dereference in SCTP functions.
Network Indicators:
- Unusual SCTP packet traffic to vulnerable systems, especially malformed packets.
SIEM Query:
Example: 'source="kern.log" AND "null-ptr-deref" AND "sctp"'
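The log indicator and the SIEM query above match single lines, but in a real oops the "NULL pointer dereference" header and the sctp_* frame that attributes it are separate lines a few entries apart. The script below, added here and not taken from the advisory, correlates them. The function names and the sample log lines are constructed for the example; the fault wordings it matches are the kernel's standard x86, arm64 and KASAN ones.

```shell
#!/bin/sh
# Added example, not part of the advisory. Scans a kernel log (dmesg output
# or /var/log/kern.log) for a NULL pointer dereference attributed to an
# sctp_* function. The fault header rarely names the function; it appears a
# few lines later in the RIP:/pc: line or the call trace, so each header
# opens a correlation window over the lines that follow it.
# Usage: sctp_oops_report FILE   (prints header + attributing frame per hit)
#        sctp_oops_count  FILE   (prints the number of hits)
sctp_oops_report() {
    awk '
        function report(line) {
            printf "%s\n  -> %s\n", header, line
            hits++
            window = 0
        }
        # Oops header (x86 page-fault, arm64 and KASAN wordings) opens a
        # correlation window of 30 lines.
        /BUG: kernel NULL pointer dereference|Unable to handle kernel NULL pointer dereference|null-ptr-deref/ {
            header = $0
            window = 30
            # KASAN reports name the function on the header line itself.
            if ($0 ~ /sctp_[a-z0-9_]+/) report($0)
            next
        }
        # First frame in the window that lands in sctp_* attributes the
        # oops to SCTP and closes the window.
        window > 0 && /sctp_[a-z0-9_]+[+]0x/ { report($0); next }
        window > 0 { window-- }
        END { exit (hits ? 0 : 1) }
    ' "${1:-/dev/stdin}"
}

sctp_oops_count() {
    sctp_oops_report "$1" | grep -c '^  -> ' || true
}

# Constructed sample lines (not a real capture): one ext4 oops that must be
# ignored, one x86 oops attributed to sctp_rcv through its RIP line, and one
# syzbot-style KASAN report naming sctp_rcv on the header line.
sctp_sample_log() {
    cat <<'EOF'
[  812.101] BUG: kernel NULL pointer dereference, address: 0000000000000040
[  812.102] #PF: supervisor read access in kernel mode
[  812.103] RIP: 0010:ext4_map_blocks+0x88/0x6f0
[  812.104] Call Trace:
[  812.105]  ext4_getblk+0x5f/0x1c0
[  901.200] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  901.201] #PF: supervisor read access in kernel mode
[  901.202] RIP: 0010:sctp_rcv+0x1a2/0x4c0 [sctp]
[  901.203] Call Trace:
[  901.204]  ip_protocol_deliver_rcu+0x2c/0x1c0
[  950.300] BUG: KASAN: null-ptr-deref in sctp_rcv+0x1a2/0x4c0
[  950.301] Read of size 4 at addr 0000000000000010 by task syz-executor/1234
EOF
}

# Demo against the constructed sample: sh this.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sctp_sample_log | sctp_oops_report
fi
```

Against the sample the scan reports two hits and skips the ext4 oops, which a one-line grep for "null-ptr-deref" AND "sctp" would either miss (the x86 case, where the two strings never share a line) or over-match (any oops on a host whose log also mentions sctp elsewhere). The window of 30 lines is a practical bound for the register dump and trace that follow a header; raise it if your logs interleave other output.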
🔗 References
- https://git.kernel.org/stable/c/77bc7dcf0fcc1519341a91788d7a2914fcfddf6d
- https://git.kernel.org/stable/c/8180611c238e11676612eb2a9828b1c7a3a4d77b
- https://git.kernel.org/stable/c/8c630a7b4f9dec63f08bd881ab77984a724a5124
- https://git.kernel.org/stable/c/9c6591ae8e63f93c895ad5e2703c36c548aac997
- https://git.kernel.org/stable/c/ec018021cf445abbe8e2f3e2a7f1dcc813cb8ea1
- https://git.kernel.org/stable/c/f7e745f8e94492a8ac0b0a26e25f2b19d342918f