CVE-2021-47451
📋 TL;DR
A kernel panic vulnerability in the Linux kernel's netfilter xt_IDLETIMER module occurs when adding IDLETIMER rules with uninitialized timer_type values. This affects Linux systems using the IDLETIMER netfilter module, potentially causing denial of service through system crashes.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash and denial of service requiring physical or remote reboot, potentially disrupting critical services.
Likely Case
Kernel panic when users or processes attempt to read IDLETIMER timer information via sysfs, causing system instability.
If Mitigated
Minor service interruption if system automatically recovers or has high availability configurations.
🎯 Exploit Status
The test commands in the CVE description demonstrate how to trigger the vulnerability. Requires CAP_NET_ADMIN or root privileges to add netfilter rules.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel stable releases containing commits 2a670c323055282c9b72794a491d53cef86bbeaf or similar fixes
Vendor Advisory: https://git.kernel.org/stable/c/2a670c323055282c9b72794a491d53cef86bbeaf
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify that the running kernel version matches the patched release.
🔧 Temporary Workarounds
Unload IDLETIMER module
Prevent the vulnerable xt_IDLETIMER kernel module from being loaded (rmmod fails while any IDLETIMER rule still references the module, so delete those rules first):
rmmod xt_IDLETIMER
echo 'blacklist xt_IDLETIMER' >> /etc/modprobe.d/blacklist.conf
Restrict netfilter rule modification
Limit which users can add or modify netfilter rules:
setcap -r /usr/sbin/iptables
chmod 750 /usr/sbin/iptables
🧯 If You Can't Patch
- Avoid using IDLETIMER netfilter rules in iptables/ebtables configurations
- Implement strict access controls to prevent unauthorized users from modifying netfilter rules
🔍 How to Verify
Check if Vulnerable:
Check whether the IDLETIMER module is loaded: lsmod | grep xt_IDLETIMER. If it is loaded and the kernel version is unpatched, the system is vulnerable. Note that the module is also loaded on demand when an IDLETIMER rule is added, so an unloaded module on its own is not proof that the system is safe.
Check Version:
uname -r
Verify Fix Applied:
Check that the running kernel version is patched (uname -r) and compare it against your distribution's security advisory for the specific patched releases.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- KASAN reports of user-memory-access in alarm_expires_remaining
Network Indicators:
- Unexpected system reboots or crashes after netfilter rule changes
SIEM Query:
source="kern.log" AND "KASAN: user-memory-access" AND "alarm_expires_remaining"
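The verification and detection steps above, combined into one script. This is an added example, not part of the advisory or the kernel project: each check reads its input on stdin so it can be exercised against constructed data; on a real host feed it /proc/modules, iptables-save output and the kernel log respectively. The sample modules listing, rules and log lines are constructed, and the stack offsets and interface names in them are made up.

```shell
#!/bin/sh
# Added example (not from the advisory): defender-side checks for this CVE.
# Each function reads stdin; on a real host use e.g.
#   idletimer_module_loaded < /proc/modules
#   iptables-save | idletimer_rules
#   kasan_idletimer_hits < /var/log/kern.log

# Exit 0 if xt_IDLETIMER appears in /proc/modules-style input.
idletimer_module_loaded() {
    grep -q '^xt_IDLETIMER '
}

# From iptables-save output, print one "<table>:<chain> label=<label>" line
# per rule that jumps to IDLETIMER, so the rules the workaround says to
# avoid can be located.
idletimer_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }
        /-j IDLETIMER/ {
            label = "(none)"
            for (i = 1; i <= NF; i++) if ($i == "--label") label = $(i + 1)
            print table ":" $2 " label=" label
        }'
}

# Print how many kernel-log lines carry the KASAN indicator the advisory
# lists: a user-memory-access report inside alarm_expires_remaining.
# "|| true" keeps a zero count from becoming a non-zero exit status.
kasan_idletimer_hits() {
    grep -c 'KASAN: user-memory-access in alarm_expires_remaining' || true
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_MODULES='xt_IDLETIMER 16384 1 - Live 0x0
x_tables 53248 2 xt_IDLETIMER,ip_tables, Live 0x0'
SAMPLE_RULES='*filter
-A INPUT -i eth0 -j ACCEPT
COMMIT
*mangle
-A OUTPUT -o wlan0 -j IDLETIMER --timeout 600 --label wlan0_idle
COMMIT'
SAMPLE_LOG='kernel: BUG: KASAN: user-memory-access in alarm_expires_remaining+0x48/0x70
kernel: eth0: link up
kernel: BUG: KASAN: user-memory-access in some_other_fn+0x10/0x20'

# Demo run on the constructed data.
printf '%s\n' "$SAMPLE_MODULES" | idletimer_module_loaded && echo "xt_IDLETIMER loaded"
printf '%s\n' "$SAMPLE_RULES" | idletimer_rules
printf '%s\n' "$SAMPLE_LOG" | kasan_idletimer_hits
```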
🔗 References
- https://git.kernel.org/stable/c/2a670c323055282c9b72794a491d53cef86bbeaf
- https://git.kernel.org/stable/c/902c0b1887522a099aa4e1e6b4b476c2fe5dd13e
- https://git.kernel.org/stable/c/cae7cab804c943d723d52724a3aeb07a3f4a2650