CVE-2021-47552
📋 TL;DR
A race condition vulnerability in the Linux kernel's block multi-queue (blk-mq) subsystem can cause a NULL pointer dereference when destroying storage queues. This leads to kernel panic and system crash, affecting systems using SCSI storage devices with the blk-mq framework.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, potentially causing data corruption or loss if storage operations are interrupted.
Likely Case
System crash during storage device removal or system shutdown, resulting in temporary denial of service until system reboot.
If Mitigated
No impact if patched; unpatched systems may experience occasional crashes during storage operations.
🎯 Exploit Status
Exploitation requires triggering specific race condition during queue destruction; more likely to occur naturally during system operations than be deliberately exploited.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel stable trees via commits 2a19b28f7929866e1cec92a3619f4de9f2d20005 and e03513f58919d9e2bc6df765ca2c9da863d03d90
Vendor Advisory: https://git.kernel.org/stable/c/2a19b28f7929866e1cec92a3619f4de9f2d20005
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check distribution-specific security advisories.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid frequent storage device changes
Minimize adding/removing SCSI storage devices while system is running
🧯 If You Can't Patch
- Implement strict change control for storage device operations
- Monitor system logs for kernel panic indicators and have recovery procedures ready
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution's patched versions; examine if system uses SCSI storage with blk-mq
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated to include the fix commits; check system logs for absence of related kernel panics
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning 'blk_mq_run_work_fn', 'sbitmap_get', or NULL pointer dereference at address 0000000000000300
Network Indicators:
- None - this is a local kernel issue
SIEM Query:
Search for kernel panic events with stack traces containing blk_mq or sbitmap functions
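The log indicators above can be checked mechanically. The following Python is an added example (not from the advisory or the kernel project) that groups kernel log lines into NULL-dereference oops reports and flags those carrying the listed indicators. The sample log lines are constructed, the name `scan_kernel_log` is hypothetical, and the x86-style `BUG:` and `end trace` markers are an assumption about the log format.

```python
import re

# Indicators from the "Log Indicators" entry above.
SYMBOLS = ("blk_mq_run_work_fn", "sbitmap_get")
FAULT_ADDR = "0000000000000300"

# Start/end markers of an oops report (x86-style message format assumed).
OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
OOPS_END = re.compile(r"---\[ end trace")

# Constructed sample input: one matching report, one unrelated NULL dereference.
SAMPLE_LOG = """\
[  101.000001] sd 0:0:0:0: [sda] Synchronizing SCSI cache
[  101.000100] BUG: kernel NULL pointer dereference, address: 0000000000000300
[  101.000200] Workqueue: kblockd blk_mq_run_work_fn
[  101.000300] RIP: 0010:sbitmap_get+0x75/0x190
[  101.000400] ---[ end trace 0000000000000000 ]---
[  250.000100] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  250.000200] RIP: 0010:example_driver_irq+0x20/0x80
[  250.000300] ---[ end trace 0000000000000000 ]---
""".splitlines()

def scan_kernel_log(lines):
    """Group log lines into NULL-dereference oops reports and keep those that
    mention an indicator symbol. Returns one dict per matching report."""
    hits, current = [], None
    def close(report):
        if report and report["symbols"]:
            # Exact address plus symbol is "high"; symbol alone is "medium".
            report["confidence"] = "high" if report["address"] == FAULT_ADDR else "medium"
            hits.append(report)

    for line in lines:
        start = OOPS_START.search(line)
        if start:
            close(current)  # previous report was cut off before its end marker
            current = {"first_line": line.strip(), "address": start.group(1), "symbols": set()}
        if current is None:
            continue  # line is outside any oops report
        for sym in SYMBOLS:
            # \b keeps sbitmap_get from matching e.g. sbitmap_get_shallow
            if re.search(rf"\b{sym}\b", line):
                current["symbols"].add(sym)
        if OOPS_END.search(line):
            close(current)
            current = None
    close(current)
    return hits
```

Pass it the lines of `journalctl -k` or `dmesg` output; each returned dict carries the first line of the report, the fault address, the matched symbols and a confidence label.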