CVE-2021-47458
📋 TL;DR
A buffer overflow vulnerability in the Linux kernel's OCFS2 filesystem driver allows local attackers to trigger a kernel panic (denial of service) when mounting OCFS2 filesystems. The vulnerability affects systems with CONFIG_FORTIFY_SOURCE enabled and using OCFS2 with o2cb or pcmk cluster stacks. Attackers with local access can crash the system by mounting specially crafted OCFS2 filesystems.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, though this is unlikely as the vulnerability primarily triggers a panic via FORTIFY_SOURCE detection.
Likely Case
Local denial of service through kernel panic when mounting malicious OCFS2 filesystems, requiring system reboot.
If Mitigated
No impact if systems don't use OCFS2 filesystems or have CONFIG_FORTIFY_SOURCE disabled.
🎯 Exploit Status
Exploitation requires local access to create/mount OCFS2 filesystems. The vulnerability is triggered during mount operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 0e677ea5b7396f715a76b6b0ef441430e4c4b57f or later
Vendor Advisory: https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version with 'uname -r'.
🔧 Temporary Workarounds
Disable CONFIG_FORTIFY_SOURCE
linuxDisable FORTIFY_SOURCE kernel configuration to prevent buffer overflow detection from triggering panic
Rebuild kernel with CONFIG_FORTIFY_SOURCE=n
Avoid OCFS2 mounting
linuxPrevent mounting of OCFS2 filesystems from untrusted sources
Remove OCFS2 kernel module: rmmod ocfs2
Blacklist OCFS2 module: echo 'blacklist ocfs2' > /etc/modprobe.d/blacklist-ocfs2.conf
🧯 If You Can't Patch
- Restrict local user access to prevent untrusted users from mounting filesystems
- Disable OCFS2 kernel module and avoid using OCFS2 filesystems
🔍 How to Verify
Check if Vulnerable:
Check kernel version: 'uname -r' and verify if between 5.11 and 5.14.6-2. Check if OCFS2 module is loaded: 'lsmod | grep ocfs2'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched (after 5.14.6-2) and test mounting OCFS2 filesystem doesn't trigger panic📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages with 'detected buffer overflow in strlen'
- OCFS2 mount failures in system logs
- Kernel BUG at lib/string.c:1149 in dmesg
Network Indicators:
- No network indicators - local filesystem vulnerability
SIEM Query:
source="kernel" AND "buffer overflow in strlen" OR "ocfs2_initialize_super" OR "fortify_panic"🔗 References
- https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f
- https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498
- https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e
- https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1
- https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad
- https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb
- https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc
- https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c
- https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f
- https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498
- https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e
- https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1
- https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad
- https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb
- https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc
- https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c
