CVE-2021-47559
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's SMC (Shared Memory Communications) networking subsystem. When exploited, it can cause kernel panics or system crashes, affecting all Linux systems using SMC functionality. The vulnerability occurs when iterating over network device lower layers without proper NULL checking.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, potentially requiring physical reboot of affected systems.
Likely Case
System crash or kernel panic when specific network operations are performed on systems with VLAN configurations using SMC.
If Mitigated
No impact if SMC is not used or if systems are properly patched.
🎯 Exploit Status
Exploitation requires ability to trigger specific network operations on systems with SMC enabled and VLAN configurations. Likely requires local access or network-level access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel commits: 587acad41f1bc48e16f42bb2aca63bf323380be8, bb851d0fb02547d03cd40106b5f2391c4fed6ed1, c94cbd262b6aa3b54d73a1ed1f9c0d19df57f4ff
Vendor Advisory: https://git.kernel.org/stable/c/587acad41f1bc48e16f42bb2aca63bf323380be8
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. Check your distribution's security advisories for specific patched kernel versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable SMC functionality
linuxDisable Shared Memory Communications if not required
modprobe -r smc
echo 'blacklist smc' > /etc/modprobe.d/disable-smc.conf
🧯 If You Can't Patch
- Disable SMC module if not required for system functionality
- Restrict network operations that could trigger the vulnerable code path
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if SMC module is loaded: lsmod | grep smc && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check for presence of fix commits in kernel source📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in kernel logs
- System crash/reboot events
Network Indicators:
- Unusual SMC-related network operations
SIEM Query:
source="kernel" AND ("NULL pointer" OR "kernel panic" OR "Oops") AND smc🔗 References
- https://git.kernel.org/stable/c/587acad41f1bc48e16f42bb2aca63bf323380be8
- https://git.kernel.org/stable/c/bb851d0fb02547d03cd40106b5f2391c4fed6ed1
- https://git.kernel.org/stable/c/c94cbd262b6aa3b54d73a1ed1f9c0d19df57f4ff
- https://git.kernel.org/stable/c/587acad41f1bc48e16f42bb2aca63bf323380be8
- https://git.kernel.org/stable/c/bb851d0fb02547d03cd40106b5f2391c4fed6ed1
- https://git.kernel.org/stable/c/c94cbd262b6aa3b54d73a1ed1f9c0d19df57f4ff
