CVE-2021-47470
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's SLUB memory allocator debugfs interface allows local attackers to potentially execute arbitrary code or crash the system. This affects Linux systems with debugfs enabled for slab debugging. Attackers need local access to exploit this vulnerability.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel mode, allowing complete system compromise and arbitrary code execution at the highest privilege level.
Likely Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
If Mitigated
Limited impact if debugfs is disabled or access is restricted; system remains stable with proper access controls.
🎯 Exploit Status
Exploitation requires local access and knowledge of kernel memory layout; no public exploits known as of this analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits: 159d8cfbd0428d487c53be4722f33cdab0d25d83, 67823a544414def2a36c212abadb55b23bcda00c)
Vendor Advisory: https://git.kernel.org/stable/c/159d8cfbd0428d487c53be4722f33cdab0d25d83
Restart Required: Yes
Instructions:
1. Update Linux kernel to a patched version from your distribution vendor. 2. Reboot the system to load the new kernel. 3. Verify the fix by checking kernel version or debugfs functionality.
🔧 Temporary Workarounds
Disable debugfs slab debugging
linuxPrevents the vulnerable code path from being accessible by disabling slab debugging via debugfs.
umount /sys/kernel/debug
echo 0 > /sys/kernel/slub_debug
Restrict debugfs access
linuxLimit access to debugfs to prevent unauthorized users from triggering the vulnerability.
mount -o remount,noexec,nosuid,nodev /sys/kernel/debug
chmod 700 /sys/kernel/debug
🧯 If You Can't Patch
- Disable CONFIG_SLUB_DEBUG in kernel configuration and rebuild kernel
- Implement strict access controls to prevent local users from accessing debugfs interfaces
🔍 How to Verify
Check if Vulnerable:
Check if debugfs is mounted and slab debugging is enabled: 'mount | grep debugfs' and 'cat /sys/kernel/slub_debug'Check Version:
uname -rVerify Fix Applied:
Check kernel version against patched releases from your distribution vendor, or verify debugfs operations don't crash when slab debugging is enabled.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning 'slab' or 'debugfs'
- System crash/reboot events without clear cause
- Audit logs showing unauthorized access to /sys/kernel/debug
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "Oops") AND ("slab" OR "debugfs")