CVE-2021-47401
📋 TL;DR
This CVE describes an information leak vulnerability in the Linux kernel's ipack ipoctal driver. The driver allocates tty device names on the stack, which can leak kernel stack memory to user space when accessed. This affects Linux systems using the vulnerable ipack driver module.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure could reveal sensitive information including passwords, encryption keys, or other privileged data from kernel space, potentially leading to privilege escalation or system compromise.
Likely Case
Information disclosure of kernel stack memory, which could reveal system state information but requires local access and specific conditions to trigger.
If Mitigated
Minimal impact with proper access controls and SELinux/AppArmor policies restricting user access to tty devices.
🎯 Exploit Status
Exploitation requires local access, specific driver usage, and knowledge of how to trigger the information leak through tty device access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 0a9c36a2e06a, 2725925982dc, 5f6a309a6996, 741ea2670e02, 829f13d6079c
Vendor Advisory: https://git.kernel.org/stable/c/0a9c36a2e06a249acbed64e8e0b84637c2ad7575
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load patched kernel.
3. Verify ipack driver is not vulnerable by checking kernel version.
🔧 Temporary Workarounds
Unload ipack driver module
Remove the vulnerable driver module if not needed
sudo rmmod ipoctal
sudo modprobe -r ipoctal
Blacklist ipack driver
Prevent driver from loading at boot
echo 'blacklist ipoctal' | sudo tee /etc/modprobe.d/blacklist-ipoctal.conf
🧯 If You Can't Patch
- Restrict access to tty devices using file permissions and mandatory access controls
- Monitor for suspicious access to /dev/tty* devices and kernel module loading
🔍 How to Verify
Check if Vulnerable:
Check if ipack driver is loaded: lsmod | grep ipoctal. If loaded, check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits and ipack driver is either not loaded or from patched kernel.
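The checks above as one script, added here as an example and not part of the original advisory. The function names are hypothetical, the file arguments default to the standard `/proc/modules` and `/etc/modprobe.d` locations, and the test for an `install ipoctal /bin/false` line is an assumption that goes beyond the `blacklist` line shown on this page.

```shell
#!/bin/sh
# Added example: the module name "ipoctal" comes from the page; paths are the
# standard Linux locations and can be overridden to inspect an offline copy.

MODULE=ipoctal

# Return 0 if MODULE is listed in a /proc/modules-format file.
module_loaded() {
    modules_file=${1:-/proc/modules}
    # The first field of each line is the module name; match it exactly so
    # that "ipack ... ipoctal," (a dependency column) does not count.
    awk -v m="$MODULE" '$1 == m { found = 1 } END { exit !found }' "$modules_file"
}

# Return 0 if any *.conf file in the modprobe.d directory blacklists MODULE
# or replaces its install command with /bin/false or /bin/true.
module_blocked() {
    conf_dir=${1:-/etc/modprobe.d}
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        if awk -v m="$MODULE" '
            $1 == "blacklist" && $2 == m { hit = 1 }
            $1 == "install" && $2 == m && ($3 == "/bin/false" || $3 == "/bin/true") { hit = 1 }
            END { exit !hit }' "$f"; then
            return 0
        fi
    done
    return 1
}

# Print a one-line status summary that can be collected across a fleet.
report() {
    if module_loaded "$1"; then state=loaded; else state=not-loaded; fi
    if module_blocked "$2"; then block=blocked; else block=not-blocked; fi
    echo "kernel=$(uname -r) module=$MODULE state=$state modprobe.d=$block"
}

report
```

A `blacklist` line only stops alias-based automatic loading; an explicit `modprobe ipoctal` still succeeds unless an `install` override is also present.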
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages related to ipack or tty drivers
- Unexpected access to /dev/tty* devices
Network Indicators:
- None - local vulnerability only
SIEM Query:
process.name="cat" AND file.path="/dev/tty*" AND user.uid!=0
🔗 References
- https://git.kernel.org/stable/c/0a9c36a2e06a249acbed64e8e0b84637c2ad7575
- https://git.kernel.org/stable/c/2725925982dc96a78069cd118ea3d66759bfdad7
- https://git.kernel.org/stable/c/5f6a309a699675680df15d9b6d389114515b4426
- https://git.kernel.org/stable/c/741ea2670e021350e54f491106bdaa22dc50e6a0
- https://git.kernel.org/stable/c/829f13d6079cf7a2465522f39acb43033e9b320d
- https://git.kernel.org/stable/c/8657158a3b68c85234e6da3d8eae33d6183588b7
- https://git.kernel.org/stable/c/a89936cce87d60766a75732a9e7e25c51164f47c
- https://git.kernel.org/stable/c/acb96e782bad427ca4bb1bd94af660acd1462380