CVE-2021-47399
📋 TL;DR
A NULL pointer dereference in the Linux kernel's ixgbe network driver lets a local user with CAP_NET_ADMIN crash the kernel (denial of service) by attaching an XDP (eXpress Data Path) program on a system with fewer than 63 online CPUs. It affects hosts using Intel 10GbE network adapters driven by ixgbe.
💻 Affected Systems
- Linux kernel with the ixgbe driver (Intel 10GbE adapters), when an XDP program is attached to an ixgbe interface
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic and complete system crash (denial of service); recovering the host requires a reboot through physical or out-of-band console access.
Likely Case
System crash when XDP is enabled on affected hardware configurations, causing temporary service disruption.
If Mitigated
No impact if XDP is not used on ixgbe interfaces, if the host has 63 or more online CPUs, or if a kernel containing the fix is running.
🎯 Exploit Status
Triggering the bug requires CAP_NET_ADMIN (needed to attach an XDP program and to change queue counts), an ixgbe-driven adapter, and a host with fewer than 63 online CPUs. The outcome is a crash, not code execution.
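To make the trigger concrete, here is an added user-space model of the loop shape behind this bug. It is example code written for this page, not the ixgbe driver's code. It assumes, from a reading of the driver rather than from this advisory, that XDP rings are allocated for at most min(online CPUs, 64) queues while ethtool -L can raise the RX queue count beyond the CPU count, and that the fix bounds the ring walk by the smaller of the two counts; the struct and function names are the model's own. With 8 online CPUs and 16 combined queues the unbounded walk reaches a NULL slot at index 8, which is where the kernel faults; the bounded walk does not.

```c
/*
 * Added illustrative model of the CVE-2021-47399 trigger, written for this
 * page; it is NOT code from the ixgbe driver. ASSUMPTIONS: the field names
 * num_rx_queues / num_xdp_queues / xdp_ring[] mirror the driver's adapter
 * struct, XDP rings exist only for min(online CPUs, 64) queues, and the fix
 * bounds the ring walk by the smaller of the two counts. Check these against
 * the referenced commit before relying on them.
 */
#include <stddef.h>
#include <stdio.h>

#define MODEL_MAX_XDP_QS 64   /* assumed size of the XDP ring array */

struct model_ring {
    int index;
    int xsk_pool;             /* stands in for the pointer the driver reads */
};

struct model_adapter {
    int num_rx_queues;        /* raised by the admin via ethtool -L */
    int num_xdp_queues;       /* capped by the online CPU count */
    struct model_ring *xdp_ring[MODEL_MAX_XDP_QS];
};

/* Populate the model: RX queues as requested (clamped to the array size),
 * XDP rings only for the first min(online_cpus, MODEL_MAX_XDP_QS) slots.
 * Every other xdp_ring slot stays NULL, which is the root of the bug. */
static void model_setup(struct model_adapter *a, struct model_ring *pool,
                        int online_cpus, int rx_queues)
{
    int i;

    if (rx_queues > MODEL_MAX_XDP_QS)
        rx_queues = MODEL_MAX_XDP_QS;
    a->num_rx_queues = rx_queues;
    a->num_xdp_queues = online_cpus < MODEL_MAX_XDP_QS ? online_cpus
                                                       : MODEL_MAX_XDP_QS;

    for (i = 0; i < MODEL_MAX_XDP_QS; i++)
        a->xdp_ring[i] = NULL;
    for (i = 0; i < a->num_xdp_queues; i++) {
        pool[i].index = i;
        pool[i].xsk_pool = 0;
        a->xdp_ring[i] = &pool[i];
    }
}

/* Walk the first `limit` XDP ring slots, as the XDP setup path does after
 * reconfiguring the rings. Returns the first index whose slot is NULL
 * (where the kernel would fault reading ->xsk_pool), or -1 if the walk
 * is safe. */
static int model_walk(const struct model_adapter *a, int limit)
{
    int i;

    for (i = 0; i < limit; i++) {
        if (a->xdp_ring[i] == NULL)
            return i;         /* kernel: NULL pointer dereference here */
        (void)a->xdp_ring[i]->xsk_pool;
    }
    return -1;
}

/* Vulnerable shape: the walk is bounded by the RX queue count alone. */
static int first_null_ring_vulnerable(int online_cpus, int rx_queues)
{
    struct model_ring pool[MODEL_MAX_XDP_QS];
    struct model_adapter a;

    model_setup(&a, pool, online_cpus, rx_queues);
    return model_walk(&a, a.num_rx_queues);
}

/* Fixed shape: bound the walk by min(num_rx_queues, num_xdp_queues). */
static int first_null_ring_fixed(int online_cpus, int rx_queues)
{
    struct model_ring pool[MODEL_MAX_XDP_QS];
    struct model_adapter a;
    int limit;

    model_setup(&a, pool, online_cpus, rx_queues);
    limit = a.num_rx_queues < a.num_xdp_queues ? a.num_rx_queues
                                               : a.num_xdp_queues;
    return model_walk(&a, limit);
}

int main(void)
{
    /* Constructed scenario: 8 online CPUs, admin raised combined queues to 16. */
    printf("8 CPUs / 16 queues, vulnerable walk: NULL slot at index %d\n",
           first_null_ring_vulnerable(8, 16));
    printf("8 CPUs / 16 queues, fixed walk:      %d (no NULL slot)\n",
           first_null_ring_fixed(8, 16));
    printf("64 CPUs / 64 queues, vulnerable walk: %d (no NULL slot)\n",
           first_null_ring_vulnerable(64, 64));
    return 0;
}
```

Build with cc -Wall model.c && ./a.out. The model also shows why the queue-count workaround works: when the combined queue count is no larger than the online CPU count, the unbounded walk never reaches a NULL slot, and why large hosts are unaffected: once the CPU count fills the whole ring array there is no NULL slot to reach.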
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 20f6c4a31a525edd9ea6243712b868ba0e4e331e and 2744341dd52e935344ca1b4bf189ba0d182a3e8e
Vendor Advisory: https://git.kernel.org/stable/c/20f6c4a31a525edd9ea6243712b868ba0e4e331e
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix.
2. For distributions: use the package manager (apt/yum/dnf) to install the latest kernel updates.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable XDP
Remove XDP programs from affected network interfaces
ip link set dev <interface> xdp off
Limit queue count
Ensure the combined queue count does not exceed the online CPU count (as reported by nproc)
ethtool -L <interface> combined <num_cpus>
🧯 If You Can't Patch
- Do not attach XDP programs to ixgbe (Intel 10GbE) interfaces
- Ensure the combined queue count set via ethtool -L does not exceed the online CPU count
🔍 How to Verify
Check if Vulnerable:
A host is exposed when all of the following hold: the running kernel predates the fix (uname -r, compared against the distribution's changelog), an interface is driven by ixgbe (ethtool -i <interface> reports driver: ixgbe), an XDP program is attached to it (it appears as an xdp entry in ip link show <interface>), and the host has fewer than 63 online CPUs (nproc).
Check Version:
uname -r
Verify Fix Applied:
Confirm the running kernel includes the fix commits (distribution changelog or the stable tree history for the kernel version). Do not verify by attaching an XDP program on a production host: if the kernel is unpatched, the test itself causes the panic. Test only on a non-production system.
📡 Detection & Monitoring
Log Indicators:
- "BUG: kernel NULL pointer dereference" messages in the kernel log (dmesg, journalctl -k), with an oops backtrace pointing into the ixgbe module
- Kernel panic messages
- Unexpected system crash/reboot events shortly after a network configuration change (XDP attach or ethtool -L)
Network Indicators:
- Sudden loss of network connectivity on affected interfaces
SIEM Query:
search ('kernel panic' OR 'NULL pointer dereference') AND ('ixgbe' OR 'XDP')
🔗 References
- https://git.kernel.org/stable/c/20f6c4a31a525edd9ea6243712b868ba0e4e331e
- https://git.kernel.org/stable/c/2744341dd52e935344ca1b4bf189ba0d182a3e8e
- https://git.kernel.org/stable/c/513e605d7a9ce136886cb42ebb2c40e9a6eb6333