CVE-2021-47473

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability in the Linux kernel's QLogic Fibre Channel driver (qla2xxx) could allow local attackers to cause denial of service through resource exhaustion. The bug is in how the driver processes Extended Link Services (ELS) commands, and it can leak kernel memory structures. Systems using QLogic Fibre Channel adapters with the affected driver are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel with qla2xxx driver
Versions: Specific kernel versions containing the bug introduced by commit 8c0eb596baa5 and fixed by subsequent patches
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with QLogic Fibre Channel adapters using the qla2xxx driver. The vulnerability is triggered when processing ELS commands.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attackers could exhaust kernel memory, causing system instability, crashes, or denial of service through repeated exploitation.

🟠

Likely Case

Local users or processes could cause gradual memory consumption, leading to performance degradation or system instability over time.

🟢

If Mitigated

With proper access controls limiting local user privileges, the impact is reduced to authorized users only, though it still poses a risk to system stability.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access to exploit.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to disrupt systems using affected Fibre Channel adapters.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of how to trigger ELS command processing. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with fixes from commits 7fb223d0ad801f633c78cbe42b1d1b55f5d163ad, 96f0aebf29be25254fa585af43924e34aa21fd9a, a7fbb56e6c941d9f59437b96412a348e66388d3e

Vendor Advisory: https://git.kernel.org/stable/c/7fb223d0ad801f633c78cbe42b1d1b55f5d163ad

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Disable qla2xxx module (Linux)

Prevent loading of the vulnerable driver if QLogic adapters are not required:

echo 'blacklist qla2xxx' >> /etc/modprobe.d/blacklist.conf
rmmod qla2xxx

Restrict local access (all platforms)

Limit local user access to systems with vulnerable drivers

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Monitor system memory usage and kernel logs for signs of memory exhaustion

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if qla2xxx module is loaded: lsmod | grep qla2xxx && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and check for memory leak patterns in /proc/meminfo and kernel logs

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • Memory allocation failures in dmesg
  • qla2xxx driver error messages

Network Indicators:

  • Unusual Fibre Channel traffic patterns triggering ELS commands

SIEM Query:

source="kernel" AND ("qla2xxx" OR "memory allocation failure" OR "oom-killer")
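
The same indicators can be checked directly on a host. The script below is an added example, not part of the original advisory or the kernel project: it applies the three query terms to kernel log text, confirms that qla2xxx is actually loaded, and measures SUnreclaim growth across /proc/meminfo snapshots. The function names, the sample data, the 51200 KiB threshold and the choice of SUnreclaim as the leak signal are assumptions.

```shell
#!/bin/sh
# Added example. Sample data is constructed, not captured from a real host.
sample_lsmod() { cat <<'EOF'
Module                  Size  Used by
qla2xxx               999424  0
scsi_transport_fc      81920  1 qla2xxx
EOF
}
sample_klog() { cat <<'EOF'
[ 1201.100] qla2xxx [0000:3b:00.0]: constructed driver error line
[ 1320.455] kworker/3:1 invoked oom-killer: gfp_mask=0x0, order=0
[ 1321.002] usb 1-1: new high-speed USB device number 4
EOF
}
sample_meminfo() { cat <<'EOF'
SUnreclaim:       204800 kB
SUnreclaim:       262144 kB
EOF
}

# Count kernel log lines on stdin that match the page's SIEM query terms.
count_indicators() {
    grep -Eic 'qla2xxx|memory allocation failure|oom-killer' || true
}

# Succeed only if lsmod-format text on stdin lists qla2xxx as a module
# (column 1), not merely as a dependency of another module.
module_loaded() {
    awk '$1 == "qla2xxx" { found = 1 } END { exit !found }'
}

# KiB growth of SUnreclaim between first and last meminfo snapshot on stdin.
sunreclaim_growth_kb() {
    awk '$1 == "SUnreclaim:" { if (!n++) first = $2; last = $2 }
         END { print (n ? last - first : 0) }'
}

# Args: lsmod text, kernel log text, meminfo snapshots, threshold in KiB.
triage() {
    printf '%s\n' "$1" | module_loaded || { echo "not-applicable"; return 0; }
    hits=$(printf '%s\n' "$2" | count_indicators)
    growth=$(printf '%s\n' "$3" | sunreclaim_growth_kb)
    if [ "$hits" -gt 0 ] && [ "$growth" -ge "$4" ]; then echo "investigate"
    elif [ "$hits" -gt 0 ] || [ "$growth" -ge "$4" ]; then echo "watch"
    else echo "ok"; fi
}

# Threshold of 51200 KiB is an assumed value; tune it per host.
triage "$(sample_lsmod)" "$(sample_klog)" "$(sample_meminfo)" 51200
```

On a live system, pass the output of lsmod, dmesg and several SUnreclaim readings from /proc/meminfo taken some time apart in place of the sample functions.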
