Login Sign Up

CVE-2021-47424

5.5 MEDIUM
Denial of Service

📋 TL;DR

This vulnerability in the Linux kernel's i40e network driver causes a kernel Oops (crash) when driver initialization fails, leading to an attempt to free uninitialized interrupt vectors. It affects systems using Intel Ethernet 700 Series network adapters with the i40e driver. The vulnerability can cause system instability or denial of service.

💻 Affected Systems

Products:
  • Linux kernel with i40e driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel Ethernet 700 Series network adapter and i40e driver. Vulnerability triggers during driver initialization failure.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System crash or kernel panic leading to complete denial of service, requiring physical or remote reboot.

🟠

Likely Case

System instability or crash during driver initialization, particularly when network hardware setup fails.

🟢

If Mitigated

Minor system instability during driver initialization that may require manual intervention to recover.

🌐 Internet-Facing: LOW - Requires local access or driver initialization failure, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Can affect servers and workstations during driver initialization or hardware changes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires triggering driver initialization failure, typically through hardware issues or specific system states.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 17063cac4088b8e2fc0f633abddca5426ed58312, 2e5a20573a926302b233b0c2e1077f5debc7ab2e, 60ad4cde0ad28921f9ea25b0201c774b95ffa4b4, 75099439209d3cda439a1d9b00d19a50f0066fef, 97aeed72af4f83ae51534f0a2473ff52f8d66236

Vendor Advisory: https://git.kernel.org/stable/c/17063cac4088b8e2fc0f633abddca5426ed58312

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable i40e driver

linux

Prevent loading of vulnerable i40e driver if Intel Ethernet 700 Series adapters are not required

echo 'blacklist i40e' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Avoid hardware changes or driver reloads that could trigger initialization failures
  • Monitor system logs for i40e driver errors and have recovery procedures ready

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if i40e module is loaded: uname -r && lsmod | grep i40e

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or check if i40e driver loads without errors in dmesg

📡 Detection & Monitoring

Log Indicators:

  • Kernel Oops messages mentioning i40e_clear_interrupt_scheme
  • WARNING: CPU: 0 PID: 5 at kernel/irq/manage.c:1731 __free_irq
  • Trying to free already-free IRQ

Network Indicators:

  • Network interface failures during system boot or driver initialization

SIEM Query:

event_source:kernel AND (message:"i40e_clear_interrupt_scheme" OR message:"Trying to free already-free IRQ")

📊 Metadata

CVE ID: CVE-2021-47424
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-908
Published: May 21, 2024
Last Updated: September 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47424, you might also want to check these:

CVE-2021-26305 9.8

CVE-2021-26305 is a deserialization vulnerability in the cdr crate for Rust that allows a malicious ...

Same vulnerability type (CWE-908)
CVE-2020-36443 9.8

This vulnerability in libp2p-deflate crate for Rust allows reading uninitialized memory due to passi...

Same vulnerability type (CWE-908)
CVE-2020-36452 9.8

This vulnerability in the array-tools Rust crate allows attackers to cause memory corruption by expl...

Same vulnerability type (CWE-908)