CVE-2021-47455
📋 TL;DR
A memory leak vulnerability in the Linux kernel's Precision Time Protocol (PTP) subsystem allows attackers to cause denial of service by exhausting kernel memory. This affects Linux systems using PTP hardware clocks, particularly those with specific PTP hardware drivers like ptp_idt82p33. The vulnerability occurs when ptp_clock_register() fails but doesn't properly clean up allocated memory.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service across the entire system.
Likely Case
Local attackers could trigger repeated failed PTP clock registrations to gradually consume kernel memory, potentially degrading system performance or causing targeted service disruptions.
If Mitigated
With proper access controls and monitoring, impact is limited to local users who can trigger the specific failure condition in PTP device registration.
🎯 Exploit Status
Exploitation requires local access and ability to trigger the specific failure path in PTP device registration. Not trivial but possible for determined attackers with appropriate privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 4225fea1cb28370086e17e82c0f69bec2779dca0, 95c0a0c5ec8839f8f21672be786e87a100319ca8, f1c96d8085588e1b997a96214b409ac3be20b524
Vendor Advisory: https://git.kernel.org/stable/c/4225fea1cb28370086e17e82c0f69bec2779dca0
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable PTP subsystem
linuxRemove PTP support from kernel if not needed
echo 'blacklist ptp' >> /etc/modprobe.d/blacklist.conf
rmmod ptp
Restrict PTP device access
linuxLimit which users can access PTP devices
chmod 600 /dev/ptp*
setfacl -m u:root:rw /dev/ptp*
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from loading PTP modules or accessing PTP devices
- Monitor kernel memory usage and system logs for signs of memory exhaustion or repeated PTP registration failures
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if PTP subsystem is loaded: 'uname -r' and 'lsmod | grep ptp'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check dmesg for PTP-related errors after attempting to load PTP modules📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Memory allocation failures in dmesg
- Repeated PTP device registration failures
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("out of memory" OR "oom-killer" OR "ptp_clock_register" OR "memory leak")🔗 References
- https://git.kernel.org/stable/c/4225fea1cb28370086e17e82c0f69bec2779dca0
- https://git.kernel.org/stable/c/95c0a0c5ec8839f8f21672be786e87a100319ca8
- https://git.kernel.org/stable/c/f1c96d8085588e1b997a96214b409ac3be20b524
- https://git.kernel.org/stable/c/4225fea1cb28370086e17e82c0f69bec2779dca0
- https://git.kernel.org/stable/c/95c0a0c5ec8839f8f21672be786e87a100319ca8
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
