CVE-2021-47606
📋 TL;DR
A division-by-zero vulnerability in the Linux kernel's netlink subsystem allows attackers to cause kernel crashes (denial of service) when processing specially crafted network packets. This affects Linux systems using the netem network emulation module. The vulnerability is triggered when empty network packets are processed, leading to a kernel panic.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting critical network services.
Likely Case
Local or remote denial of service through kernel crash, requiring system reboot to recover.
If Mitigated
Minimal impact if netem module is not loaded or if systems are patched.
🎯 Exploit Status
Crash reproduction code is available in the CVE description. Exploitation requires ability to send crafted network packets to systems with netem enabled.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 40cf2e058832d9cfaae98dfd77334926275598b6, 4c986072a8c9249b9398c7a18f216dc26a9f0e35, 54e785f7d5c197bc06dbb8053700df7e2a093ced, c0315e93552e0d840e9edc6abd71c7db82ec8f51, c54a60c8fbaa774f828e26df79f66229a8a0e010
Vendor Advisory: https://git.kernel.org/stable/c/40cf2e058832d9cfaae98dfd77334926275598b6
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable netem module
Unload the netem kernel module if not required
sudo rmmod sch_netem
echo 'blacklist sch_netem' | sudo tee /etc/modprobe.d/blacklist-netem.conf
Prevent module autoload
Prevent netem from being automatically loaded
echo 'install sch_netem /bin/false' | sudo tee /etc/modprobe.d/disable-netem.conf
🧯 If You Can't Patch
- Ensure netem module is not loaded on critical systems
- Implement network segmentation to limit access to systems using netem
🔍 How to Verify
Check if Vulnerable:
Check if netem module is loaded: lsmod | grep netem. Check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or is newer than vulnerable versions. Confirm netem module functions without crashes.
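The module checks above can be combined into one audit, shown here as an added example that is not part of the original advisory: it reports whether sch_netem is loaded, blocked by an `install` override, or still loadable. The function names and the default modprobe.d search paths are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host's sch_netem exposure.
# Function names are this example's own; file paths are arguments so the
# checks can also run against copies collected from other hosts.

# Succeeds if sch_netem appears in a /proc/modules-format listing.
netem_loaded() {
    awk '$1 == "sch_netem" { found = 1 } END { exit !found }' \
        "${1:-/proc/modules}" 2>/dev/null
}

# Succeeds if a modprobe.d file overrides loading with .../false or .../true.
# A "blacklist" line is deliberately not counted: modprobe applies it to alias
# lookups, so a load requested by module name still goes through.
netem_blocked() {
    # Default search paths are an assumption; pass directories to override.
    [ "$#" -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d
    for d in "$@"; do
        for f in "$d"/*.conf; do
            [ -f "$f" ] || continue
            if awk '$1 == "install" {
                        m = $2; gsub(/-/, "_", m)   # modprobe treats - and _ alike
                        if (m == "sch_netem" && $3 ~ /\/(false|true)$/) ok = 1
                    }
                    END { exit !ok }' "$f"; then
                return 0
            fi
        done
    done
    return 1
}

# Usage: netem_status MODULES_FILE [MODPROBE_DIR...]
# Prints LOADED, BLOCKED, or LOADABLE.
netem_status() {
    mods=$1; shift
    if netem_loaded "$mods"; then
        echo LOADED
    elif netem_blocked "$@"; then
        echo BLOCKED
    else
        echo LOADABLE
    fi
}

netem_status /proc/modules
```

A LOADABLE result on an unpatched kernel means the module can still be pulled in on demand, so the `install` override or the kernel update is still needed.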
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'divide error'
- Netem-related crash reports in dmesg or system logs
- System reboots following network traffic
Network Indicators:
- Unusual network packets targeting systems with netem enabled
- Traffic patterns attempting to trigger empty packet conditions
SIEM Query:
source="kernel" AND ("divide error" OR "netem" OR "sch_netem")
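The query above ORs its terms, so it also matches routine netem messages and divide errors from unrelated code. As an added example (not part of the original advisory), this filter reports a `divide error` oops only when its trace names `netem_enqueue` or `sch_netem`; the log lines are constructed samples, and the function names and the `WINDOW` variable are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): correlate "divide error" oopses with
# netem frames instead of matching either term on its own.

# Usage: find_netem_divide_errors [LOGFILE]   (reads stdin when no file given)
# Prints the "divide error" header of each matching oops; exit 0 if any found.
find_netem_divide_errors() {
    awk -v window="${WINDOW:-40}" '
        /divide error:/ { pending = $0; left = window; next }  # new oops starts
        /\[ end trace/  { left = 0; next }                     # oops finished
        left > 0 {
            left--
            if ($0 ~ /netem_enqueue|sch_netem/) {
                print pending; hits++; left = 0
            }
        }
        END { exit (hits ? 0 : 1) }
    ' "${1:--}"
}

# Constructed sample: a routine netem message, an unrelated divide error,
# and a divide error whose faulting function is netem_enqueue.
sample_log() {
cat <<'EOF'
[   12.000001] netem: version 1.3
[  300.000001] divide error: 0000 [#1] SMP
[  300.000002] RIP: 0010:example_other_fn+0x10/0x20
[  300.000003] ---[ end trace 0000000000000000 ]---
[  900.000001] divide error: 0000 [#1] SMP
[  900.000002] CPU: 1 PID: 4242 Comm: example
[  900.000003] RIP: 0010:netem_enqueue+0x10/0x20
EOF
}

sample_log | find_netem_divide_errors
```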
🔗 References
- https://git.kernel.org/stable/c/40cf2e058832d9cfaae98dfd77334926275598b6
- https://git.kernel.org/stable/c/4c986072a8c9249b9398c7a18f216dc26a9f0e35
- https://git.kernel.org/stable/c/54e785f7d5c197bc06dbb8053700df7e2a093ced
- https://git.kernel.org/stable/c/c0315e93552e0d840e9edc6abd71c7db82ec8f51
- https://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010
- https://git.kernel.org/stable/c/dadce61247c6230489527cc5e343b6002d1114c5
- https://git.kernel.org/stable/c/f123cffdd8fe8ea6c7fded4b88516a42798797d0
- https://git.kernel.org/stable/c/ff3f517bf7138e01a17369042908a3f345c0ee41