CVE-2021-47462
📋 TL;DR
This CVE describes a Linux kernel memory policy vulnerability where mbind() allows illegal combinations of MPOL_F_NUMA_BALANCING and MPOL_LOCAL flags, leading to uninitialized memory access. This can cause kernel panics and system crashes. Systems running affected Linux kernel versions are vulnerable.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or corruption in active processes.
Likely Case
System instability or crash when specific memory policy operations are performed, requiring reboot to restore service.
If Mitigated
No impact if the vulnerability is not triggered through mbind() operations with illegal flag combinations.
🎯 Exploit Status
Requires ability to call mbind() system call with specific illegal flag combinations. Discovered through syzkaller fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches in commits 6d2aec9e123b and 9ee4e9ae98f1
Vendor Advisory: https://git.kernel.org/stable/c/6d2aec9e123bb9c49cb5c7fc654f25f81e688e8c
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fixes 6d2aec9e123b or 9ee4e9ae98f1
2. Reboot system to load new kernel
3. Verify kernel version after reboot
🔧 Temporary Workarounds
Restrict mbind() system call
Use seccomp or other security mechanisms to restrict mbind() system call usage
Custom seccomp policy required based on distribution
🧯 If You Can't Patch
- Monitor for kernel panic events and investigate processes using mbind()
- Restrict user access to systems where kernel patching is not possible
🔍 How to Verify
Check if Vulnerable:
Run uname -r and compare the result with the affected versions, which are those containing commit bda420b98505
Check Version:
uname -r
Verify Fix Applied:
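Verify that the running kernel includes fix 6d2aec9e123b or 9ee4e9ae98f1. /proc/version reports only the release string and build information, not commit IDs, so grep -q '6d2aec9e123b\|9ee4e9ae98f1' /proc/version cannot confirm this; compare the uname -r output against your distribution's kernel changelog or advisory for CVE-2021-47462 instead.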
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KMSAN uninitialized memory warnings
- System crash/reboot events
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panic" OR "KMSAN" OR "uninit-value" OR "mbind")