CVE-2021-47577
📋 TL;DR
This CVE describes a race condition vulnerability in the Linux kernel's io-wq subsystem where a worker task_work can be added after the work queue has started exiting. This could lead to use-after-free conditions or system instability. It affects Linux systems running vulnerable kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation if combined with other vulnerabilities
Likely Case
System instability, crashes, or denial of service in specific io-wq usage scenarios
If Mitigated
Minimal impact with proper kernel hardening and isolation
🎯 Exploit Status
Race condition exploitation is challenging and requires local access
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ec or 71a85387546e50b1a37b0fa45dadcae3bfb35cf6
Vendor Advisory: https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ec
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor
2. Reboot system to load new kernel
3. Verify kernel version after reboot
🔧 Temporary Workarounds
Disable io-wq subsystem
linuxRemove io-wq kernel module support if not required
echo "blacklist io_wq" >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Implement strict access controls to limit who can trigger io-wq operations
- Monitor system stability and implement crash recovery mechanisms
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if it's between affected ranges. Use: uname -r and compare with distribution security advisoriesCheck Version:
uname -rVerify Fix Applied:
Verify kernel version contains fix commits or is newer than patched versions📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- System crash dumps
- Unexpected process terminations
Network Indicators:
- None - local vulnerability only
SIEM Query:
search 'kernel panic' OR 'system crash' OR 'segmentation fault' in system logs