CVE-2021-47466

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's SLUB allocator. When kmem_cache_open() fails during initialization, it doesn't properly clean up random_seq resources, causing gradual memory exhaustion. This affects all Linux systems using the vulnerable kernel versions.
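The error-path pattern behind this leak, as an added example: a simplified userspace model, not the kernel's code and not part of the original advisory. Only kmem_cache_open() and random_seq are names from this page; the three allocation steps, the failure injection and every helper name are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model; names other than kmem_cache_open/random_seq are hypothetical. */
static int live_allocs, alloc_idx, fail_at;
struct cache { void *random_seq, *nodes, *cpu; };

static void *model_alloc(void)
{
    void *p = (alloc_idx++ == fail_at) ? NULL : calloc(1, 64); /* injected failure */
    if (p) live_allocs++;
    return p;
}
static void model_free(void **p) { if (*p) { free(*p); *p = NULL; live_allocs--; } }

/* Before: the error label frees nothing, so random_seq outlives the failure. */
static int open_leaky(struct cache *s)
{
    if (!(s->random_seq = model_alloc())) goto error;
    if (!(s->nodes = model_alloc())) goto error;
    if ((s->cpu = model_alloc())) return 0;
    model_free(&s->nodes);
error:
    return -1;
}
/* After: every failure funnels through one release of all owned resources. */
static int open_fixed(struct cache *s)
{
    if (!(s->random_seq = model_alloc())) goto error;
    if (!(s->nodes = model_alloc())) goto error;
    if ((s->cpu = model_alloc())) return 0;
error:
    model_free(&s->cpu);
    model_free(&s->nodes);
    model_free(&s->random_seq);
    return -1;
}
/* Allocations still live after open_fn fails at allocation number `step`. */
static int leaked_after_failure(int (*open_fn)(struct cache *), int step)
{
    struct cache s = {0};
    live_allocs = 0; alloc_idx = 0; fail_at = step;
    open_fn(&s);
    return live_allocs;
}
int main(void)
{
    for (int step = 0; step <= 2; step++)
        printf("fail at alloc %d: leaky=%d fixed=%d\n", step,
            leaked_after_failure(open_leaky, step), leaked_after_failure(open_fixed, step));
    return 0;
}
```

Each failed open in the leaky variant strands exactly one allocation, so the loss only accumulates if the failure can be triggered repeatedly.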

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly stated in CVE, but patches exist for multiple stable branches
Operating Systems: All Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the kernel's memory management subsystem and affects all configurations using the SLUB allocator

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained exploitation could lead to complete system memory exhaustion, causing kernel panics, system crashes, and denial of service across all running processes.

🟠 Likely Case

Gradual memory consumption over time leading to performance degradation, application failures, and eventual system instability requiring reboots.

🟢 If Mitigated

With proper monitoring and memory limits, impact is limited to performance issues and potential service disruptions rather than complete system failure.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires kernel-level access or the ability to trigger specific error conditions in kmem_cache_open().

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes available (see references)

Vendor Advisory: https://git.kernel.org/stable/c/42b81946e3ac9ea0372ba16e05160dc11e02694f

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Memory monitoring and limits

Implement aggressive memory monitoring and process limits to detect and contain memory leaks

# Set memory limits for processes
ulimit -v [LIMIT]
# Monitor memory usage
watch -n 1 'free -h'

🧯 If You Can't Patch

  • Implement comprehensive memory monitoring with alerts for unusual consumption patterns
  • Establish regular system reboot schedules to clear accumulated memory leaks

🔍 How to Verify

Check if Vulnerable:

Check the kernel version against your distribution's security advisories, or run uname -r and compare the output with known vulnerable versions.

Check Version:

uname -r

Verify Fix Applied:

After patching, run uname -r and confirm that the kernel version matches the patched version from the vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • Out of memory (OOM) killer activity in syslog
  • Gradually increasing memory usage in system logs

Network Indicators:

  • None - this is a local memory management issue

SIEM Query:

source="kernel" AND ("out of memory" OR "oom" OR "slub" OR "kmem_cache")

🔗 References
