CVE-2021-47637
📋 TL;DR
This CVE describes a deadlock vulnerability in the Linux kernel's UBIFS filesystem implementation. When concurrent rename whiteout operations and inode writeback processes occur under specific conditions, the system can hang indefinitely. This affects Linux systems using UBIFS filesystems, particularly embedded devices and systems with flash storage.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System becomes completely unresponsive (deadlock) requiring hard reboot, potentially causing data corruption or loss in UBIFS filesystems.
Likely Case
System hangs during concurrent file operations, requiring intervention to restore functionality.
If Mitigated
Minor performance impact during rename operations with proper space management.
🎯 Exploit Status
Exploit requires local access and ability to trigger specific concurrent operations with space constraints. The reproducer program is referenced in the CVE description.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel commits: 37bdf1ad5925, 70e9090acc32, 83e42a78428f, 8b278c8dcfb5, 9dddc8211430
Vendor Advisory: https://git.kernel.org/stable/c/37bdf1ad592555ecda1d55b89f6e393e4c0589d1
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Avoid concurrent rename operations
linuxLimit concurrent file rename operations on UBIFS filesystems
Maintain sufficient free space
linuxEnsure UBIFS filesystems have adequate free space to prevent the triggering condition
df -h | grep ubifs
Check and maintain at least 10-20% free space on UBIFS partitions
🧯 If You Can't Patch
- Monitor UBIFS filesystem space usage and maintain adequate free space
- Implement process controls to limit concurrent rename operations on UBIFS
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if UBIFS is in use: uname -r && cat /proc/filesystems | grep ubifsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits: grep -r '37bdf1ad5925\|70e9090acc32\|83e42a78428f\|8b278c8dcfb5\|9dddc8211430' /boot/System.map*📡 Detection & Monitoring
Log Indicators:
- Kernel hung task messages
- UBIFS deadlock warnings in dmesg
- Processes stuck in D state for extended periods
SIEM Query:
source="kernel" AND ("hung task" OR "deadlock" OR "ubifs" AND "rename")🔗 References
- https://git.kernel.org/stable/c/37bdf1ad592555ecda1d55b89f6e393e4c0589d1
- https://git.kernel.org/stable/c/70e9090acc32348cedc5def0cd6d5c126efc97b9
- https://git.kernel.org/stable/c/83e42a78428fc354f5e2049935b84c8d8d29b787
- https://git.kernel.org/stable/c/8b278c8dcfb565cb65eceb62a38cbf7a7c326db5
- https://git.kernel.org/stable/c/9dddc8211430fb851ddf0b168e3a00c6f66cc185
- https://git.kernel.org/stable/c/afd427048047e8efdedab30e8888044e2be5aa9c
- https://git.kernel.org/stable/c/c58af8564a7b08757173009030b74baf4b2b762b
