CVE-2021-47593
📋 TL;DR
A Linux kernel vulnerability in the MPTCP (Multipath TCP) subsystem allows local users to crash the kernel through a NULL pointer dereference. When MPTCP falls back to regular TCP, certain sockets retain incorrect kernel flags, enabling userspace to trigger a crash via setsockopt. This affects systems with MPTCP enabled in the kernel.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local denial of service causing kernel panic and system reboot, potentially leading to service disruption.
Likely Case
Local user triggers kernel crash, causing temporary system unavailability until reboot.
If Mitigated
Minimal impact with proper access controls limiting local user privileges.
🎯 Exploit Status
Exploitation requires local access and ability to create sockets. No authentication bypass needed beyond local user access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 451f1eded7f56e93aaf52eb547ba97742d9c0e97, c26ac0ea3a91c210cf90452e625dc441adf3e549, d6692b3b97bdc165d150f4c1505751a323a80717
Vendor Advisory: https://git.kernel.org/stable/c/451f1eded7f56e93aaf52eb547ba97742d9c0e97
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Check distribution security advisories for patched kernel packages.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable MPTCP
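Disable MPTCP (CONFIG_MPTCP) in the kernel configuration if it is not required, or switch it off at runtime:
# CONFIG_MPTCP is a built-in (bool) option, not a loadable module, so a modprobe blacklist does not disable it
sysctl -w net.mptcp.enabled=0
echo 'net.mptcp.enabled = 0' > /etc/sysctl.d/disable-mptcp.conf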
🧯 If You Can't Patch
- Restrict local user access to prevent unauthorized users from creating sockets
- Implement strict SELinux/AppArmor policies to limit socket operations
🔍 How to Verify
Check if Vulnerable:
Check if MPTCP is enabled: grep CONFIG_MPTCP /boot/config-$(uname -r) or check kernel version against distribution security advisories
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or check with distribution package manager for security updates
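The check above, written as a small shell function. This is an added example and not part of the advisory; the function name `mptcp_state` and the use of the `net.mptcp.enabled` sysctl (the kernel's runtime switch for MPTCP, not mentioned on this page) are choices made here, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: report whether MPTCP sockets can be
# created on a host, given a kernel config file and the net.mptcp.enabled
# sysctl file. Both paths are parameters so saved copies can be checked too.
# On a live host:
#   mptcp_state "/boot/config-$(uname -r)" /proc/sys/net/mptcp/enabled

# Prints one of: not-built | disabled | enabled | unknown
mptcp_state() {
    config_file=$1   # kernel build configuration
    sysctl_file=$2   # contents of net.mptcp.enabled (0 or 1)

    [ -r "$config_file" ] || { echo unknown; return 0; }

    # Match the exact "=y" line. A bare "grep CONFIG_MPTCP" also hits
    # "# CONFIG_MPTCP is not set" and CONFIG_MPTCP_IPV6.
    if ! grep -q '^CONFIG_MPTCP=y$' "$config_file"; then
        echo not-built
        return 0
    fi

    # Built in: the runtime switch decides. An unreadable sysctl file is
    # treated as enabled, which is the conservative answer.
    if [ -r "$sysctl_file" ] && [ "$(cat "$sysctl_file")" = "0" ]; then
        echo disabled
    else
        echo enabled
    fi
}

# Demo on constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'CONFIG_INET=y\nCONFIG_MPTCP=y\nCONFIG_MPTCP_IPV6=y\n' > "$demo_dir/config-on"
printf 'CONFIG_INET=y\n# CONFIG_MPTCP is not set\n' > "$demo_dir/config-off"
echo 1 > "$demo_dir/enabled-1"
echo 0 > "$demo_dir/enabled-0"

echo "built, sysctl=1:  $(mptcp_state "$demo_dir/config-on" "$demo_dir/enabled-1")"
echo "built, sysctl=0:  $(mptcp_state "$demo_dir/config-on" "$demo_dir/enabled-0")"
echo "not built:        $(mptcp_state "$demo_dir/config-off" "$demo_dir/enabled-1")"
echo "config missing:   $(mptcp_state "$demo_dir/absent" "$demo_dir/enabled-1")"
rm -rf "$demo_dir"
```

A result of `enabled` only means the MPTCP code path is reachable; whether the host is fixed still depends on the running kernel containing the fix commits listed above.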
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN null-ptr-deref reports in dmesg
- System crash/reboot events
Network Indicators:
- None - local exploit only
SIEM Query:
source="kernel" AND "KASAN: null-ptr-deref" AND "subflow_data_ready"
🔗 References
- https://git.kernel.org/stable/c/451f1eded7f56e93aaf52eb547ba97742d9c0e97
- https://git.kernel.org/stable/c/c26ac0ea3a91c210cf90452e625dc441adf3e549
- https://git.kernel.org/stable/c/d6692b3b97bdc165d150f4c1505751a323a80717