CVE-2021-47566
📋 TL;DR
A kernel memory corruption vulnerability in the Linux kernel's vmcore handling code allows a local attacker to trigger a kernel panic (crash) because the vmcore read path clears a user-space buffer without going through clear_user(). It affects Linux systems where vmcore/kdump is enabled on CPUs with SMAP (Supervisor Mode Access Prevention) enabled. Local access to the system is required.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local denial of service causing kernel panic and system crash, potentially disrupting critical services and requiring physical or remote console intervention to reboot.
Likely Case
Local denial of service through kernel panic when copying vmcore files, requiring system reboot to restore functionality.
If Mitigated
No impact if the system is patched or doesn't have vmcore/kdump enabled on SMAP-capable hardware.
🎯 Exploit Status
An exploit was demonstrated in the vulnerability report using a plain 'cp' of the vmcore file. It requires local user access but is trivial to trigger in vulnerable configurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 33a7d698f30fa0b99d50569e9909d3baa65d8f6a, 7b3a34f08d11e7f05cd00b8e09adaa15192f0ad1, 99d348b82bcb36171f24411d3f1a15706a2a937a, 9ef384ed300d1bcfb23d0ab0b487d544444d4b52, a8a917058faf4abaec9fb614bb6d5f8fe3529ec6
Vendor Advisory: https://git.kernel.org/stable/c/33a7d698f30fa0b99d50569e9909d3baa65d8f6a
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check your distribution's security advisories for the specific patched kernel versions.
3. Reboot the system after the kernel update.
4. Verify the fix by checking the kernel version or by attempting to trigger the original crash condition.
🔧 Temporary Workarounds
Disable vmcore/kdump functionality
Platform: linux. Disable the kdump service and vmcore functionality to prevent exploitation.
systemctl disable kdump.service
systemctl stop kdump.service
echo 1 > /proc/sys/kernel/kexec_load_disabled
Note that kernel.kexec_load_disabled is a one-way switch: writing 1 disables loading a kexec/crash kernel until the next reboot, and it cannot be set back to 0 at runtime.
Disable SMAP at kernel boot
Platform: linux. Disable the Supervisor Mode Access Prevention (SMAP) feature (this reduces security but prevents the exploit).
Add 'nosmap' to kernel boot parameters in GRUB configuration
🧯 If You Can't Patch
- Disable kdump service and vmcore functionality immediately
- Restrict local user access to systems with vulnerable configurations
🔍 How to Verify
Check if Vulnerable:
You are likely vulnerable if all of the following hold:
1. The kernel version predates the fix commits.
2. The kdump service is enabled (systemctl status kdump).
3. The CPU supports SMAP (check /proc/cpuinfo for the 'smap' flag).
Check Version:
uname -r
Verify Fix Applied:
1. Verify that the kernel version includes the fix commits.
2. Test that vmcore copy operations no longer cause a kernel panic.
3. Check that clear_user() is properly used in the proc/vmcore code.
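The exposure check above, as an added example that is not part of the advisory or the kernel project: a POSIX shell script that tests the two preconditions the advisory names (a SMAP-capable CPU and kexec/kdump still usable). The file paths are parameters so the functions can be run against copies of /proc files collected from another host; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): exposure check for CVE-2021-47566.
# Each check reads from a path given as an argument; without arguments the
# live /proc paths are used. Exit status 0 from exposure_verdict means the
# hardware and kexec preconditions hold, so the kernel build must then be
# checked against the fix commits listed in the advisory.

# Returns 0 if the cpuinfo file advertises the 'smap' CPU flag.
# Flags are space separated on the "flags:" line, so require whitespace
# before and after "smap" to avoid matching a longer flag name.
cpu_has_smap() {
    cpuinfo="${1:-/proc/cpuinfo}"
    [ -r "$cpuinfo" ] && grep -Eq '^flags[[:space:]]*:.*[[:space:]]smap([[:space:]]|$)' "$cpuinfo"
}

# Returns 0 if kernel.kexec_load_disabled reads 0, i.e. a crash kernel can
# still be loaded. A value of 1 means kexec loading has been disabled for
# this boot (the sysctl is a one-way switch), so kdump cannot run.
kexec_load_allowed() {
    f="${1:-/proc/sys/kernel/kexec_load_disabled}"
    [ -r "$f" ] && [ "$(cat "$f")" = "0" ]
}

# Returns 0 if the kdump systemd unit is enabled. Hosts without systemctl
# (containers, non-systemd distributions) are reported as "not enabled".
kdump_unit_enabled() {
    command -v systemctl >/dev/null 2>&1 && systemctl is-enabled --quiet kdump.service 2>/dev/null
}

# Prints a one-line verdict. Returns 0 only when both the SMAP and the
# kexec preconditions hold; the kdump unit state is reported for context.
exposure_verdict() {
    cpuinfo="${1:-/proc/cpuinfo}"
    kexec="${2:-/proc/sys/kernel/kexec_load_disabled}"
    smap=no
    kexec_ok=no
    kdump=no
    cpu_has_smap "$cpuinfo" && smap=yes
    kexec_load_allowed "$kexec" && kexec_ok=yes
    kdump_unit_enabled && kdump=yes
    if [ "$smap" = yes ] && [ "$kexec_ok" = yes ]; then
        echo "preconditions present (smap=$smap kexec_load_allowed=$kexec_ok kdump_unit=$kdump): confirm kernel $(uname -r) carries the fix commits"
        return 0
    fi
    echo "preconditions absent (smap=$smap kexec_load_allowed=$kexec_ok kdump_unit=$kdump)"
    return 1
}

# Live run against this host; pass a cpuinfo copy and a kexec_load_disabled
# copy as arguments to evaluate another system offline.
exposure_verdict "$@"
```

A "preconditions present" verdict is not proof of vulnerability: it only says the crash path is reachable, and the running kernel still has to be compared against the fix commits from the advisory (or the distribution's patched package versions).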
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs with 'BUG: unable to handle page fault'
- Kernel oops messages related to read_from_oldmem
- kdump service failure logs
- System crash/reboot events during vmcore operations
Network Indicators:
- None (local exploit only)
SIEM Query:
source="kernel" AND ("BUG: unable to handle page fault" OR "read_from_oldmem" OR "proc/vmcore")
🔗 References
- https://git.kernel.org/stable/c/33a7d698f30fa0b99d50569e9909d3baa65d8f6a
- https://git.kernel.org/stable/c/7b3a34f08d11e7f05cd00b8e09adaa15192f0ad1
- https://git.kernel.org/stable/c/99d348b82bcb36171f24411d3f1a15706a2a937a
- https://git.kernel.org/stable/c/9ef384ed300d1bcfb23d0ab0b487d544444d4b52
- https://git.kernel.org/stable/c/a8a917058faf4abaec9fb614bb6d5f8fe3529ec6
- https://git.kernel.org/stable/c/a9e164bd160be8cbee1df70acb379129e3cd2e7c
- https://git.kernel.org/stable/c/c1e63117711977cc4295b2ce73de29dd17066c82
- https://git.kernel.org/stable/c/fd7974c547abfb03072a4ee706d3a6f182266f89