CVE-2021-47438

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability in the Linux kernel's mlx5 network driver occurs when destroying completion queues fails, causing unreleased memory allocations. This affects systems using Mellanox network adapters with the mlx5 driver. The vulnerability can lead to gradual memory exhaustion over time.

💻 Affected Systems

Products:
  • Linux kernel with mlx5 network driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Mellanox network adapters using the mlx5 driver. Triggered during completion queue destruction operations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could cause kernel memory exhaustion leading to system instability, crashes, or denial of service requiring reboot.

🟠

Likely Case

Gradual memory leak during normal network operations, potentially causing performance degradation over extended periods.

🟢

If Mitigated

Minimal impact with proper monitoring and memory limits in place.

🌐 Internet-Facing: LOW - Requires local access or specific network driver operations.
🏢 Internal Only: MEDIUM - Could affect servers with Mellanox adapters during network configuration changes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger mlx5_core_destroy_cq() error conditions, typically through privileged operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 4f7bddf8c5c01cac74373443b13a68e1c6723a94 or 94b960b9deffc02fc0747afc01f72cc62ab099e3

Vendor Advisory: https://git.kernel.org/stable/c/4f7bddf8c5c01cac74373443b13a68e1c6723a94

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. Check distribution-specific security advisories.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable mlx5 driver

linux

Remove or blacklist mlx5 driver if Mellanox adapters are not required

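# Stop modprobe from auto-loading the driver by alias (run as root)
echo 'blacklist mlx5_core' > /etc/modprobe.d/blacklist-mlx5.conf
# Rebuild the initramfs so the blacklist also applies during early boot
# (update-initramfs is the Debian/Ubuntu tool)
update-initramfs -u
reboot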

🧯 If You Can't Patch

  • Monitor system memory usage and kernel logs for memory leak indicators
  • Restrict privileged operations that could trigger mlx5_core_destroy_cq() errors

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if mlx5_core module is loaded: lsmod | grep mlx5_core

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and check for memory leak using tools like kmemleak or monitoring memory usage

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing memory allocation failures
  • kmemleak reports of unreferenced mlx5 objects
  • System logs showing high memory usage

Network Indicators:

  • None specific - this is a local memory management issue

SIEM Query:

source="kernel" AND ("mlx5" OR "memory leak" OR "kmemleak")
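
Added example (not part of the original advisory): one way to turn the "kmemleak reports of unreferenced mlx5 objects" indicator into a number that can be tracked over time. The function name mlx5_leak_summary, the sample report and the symbol mlx5_example_alloc are constructed for illustration; the sample is trimmed (no hex dump lines).

```shell
#!/bin/sh
# Added example: count kmemleak records that implicate the mlx5 modules.
# On a live host (root, debugfs mounted, CONFIG_DEBUG_KMEMLEAK=y):
#   echo scan > /sys/kernel/debug/kmemleak
#   mlx5_leak_summary < /sys/kernel/debug/kmemleak

# Reads a kmemleak report on stdin, prints "<records> <bytes>" for
# unreferenced objects with an mlx5_core or mlx5_ib frame in the backtrace.
mlx5_leak_summary() {
    awk '
        function emit() {
            if (inrec && hit) { n++; bytes += size }
            inrec = 0; hit = 0; size = 0
        }
        /^unreferenced object / {
            emit(); inrec = 1
            # Header form: unreferenced object 0x... (size 1024):
            if (match($0, /\(size [0-9]+\)/))
                size = substr($0, RSTART + 6, RLENGTH - 7) + 0
            next
        }
        inrec && /\[mlx5_(core|ib)\]/ { hit = 1 }
        END { emit(); printf "%d %d\n", n, bytes }
    '
}

# Constructed sample report: two mlx5 records and one unrelated record.
sample_report() {
    cat <<'EOF'
unreferenced object 0xffff888100000000 (size 1024):
  comm "ethtool", pid 4242, jiffies 4295000000 (age 300.100s)
  backtrace:
    [<0000000011111111>] kmem_cache_alloc+0x13b/0x280
    [<0000000022222222>] mlx5_example_alloc+0x5c/0x1f0 [mlx5_core]
unreferenced object 0xffff888100001000 (size 256):
  comm "systemd", pid 1, jiffies 4295000100 (age 299.000s)
  backtrace:
    [<0000000033333333>] kmem_cache_alloc+0x13b/0x280
    [<0000000044444444>] alloc_pid+0x3b/0x3f0
unreferenced object 0xffff888100002000 (size 512):
  comm "ethtool", pid 4250, jiffies 4295000200 (age 298.000s)
  backtrace:
    [<0000000055555555>] mlx5_example_alloc+0x5c/0x1f0 [mlx5_core]
EOF
}

sample_report | mlx5_leak_summary
```

A record count or byte total that keeps rising between scans on an unpatched kernel is the signal to act on; a single report can contain false positives.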
