CVE-2021-47654
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's Landlock sample code. The vulnerability occurs when the 'path_list' allocated in parse_path() is never freed, potentially leading to resource exhaustion. This affects systems running vulnerable Linux kernel versions with Landlock sample code enabled.
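The leak pattern described above, as an added example that is not the kernel's sample source or the upstream patch: a caller receives a heap-allocated `path_list` from `parse_path()` and either drops it or frees it. The `parse_path()` body here is a stand-in written for this example, and the `':'` separator, `use_paths_leaky()`, `use_paths_fixed()` and the `live_allocs` counter are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static long live_allocs;	/* demo counter: path_list buffers not yet freed */

/* Stand-in parser: splits a ':'-separated string in place. Caller owns *path_list. */
static int parse_path(char *env_path, const char ***path_list)
{
	int n = env_path ? 1 : 0, i;
	char *p;
	for (p = env_path; p && *p; p++)
		n += (*p == ':');
	*path_list = malloc((n ? n : 1) * sizeof(**path_list));
	if (!*path_list)
		return -1;
	live_allocs++;
	for (i = 0, p = env_path; i < n; i++) {
		(*path_list)[i] = p;
		if ((p = strchr(p, ':')))
			*p++ = '\0';
	}
	return n;
}

/* Leak pattern: path_list goes out of scope without being released. */
static int use_paths_leaky(char *env_path)
{
	const char **path_list = NULL;
	return parse_path(env_path, &path_list);
}

/* Corrected pattern: the caller frees path_list once it is done with it. */
static int use_paths_fixed(char *env_path)
{
	const char **path_list = NULL;
	int n = parse_path(env_path, &path_list);
	if (n >= 0) {
		free(path_list);
		live_allocs--;
	}
	return n;
}

int main(void)
{
	char a[] = "/bin:/usr", b[] = "/bin:/usr";	/* constructed input */
	int leaky = use_paths_leaky(a), fixed = use_paths_fixed(b);
	printf("parsed %d and %d paths, %ld list(s) still allocated\n", leaky, fixed, live_allocs);
}
```

Building the leaky variant with `-fsanitize=address` (LeakSanitizer) or running it under Valgrind reports the unreleased buffer without needing a counter.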
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to memory exhaustion, causing kernel instability, denial of service, or system crashes.
Likely Case
Memory leak gradually consumes system resources, potentially leading to performance degradation or application failures over time.
If Mitigated
With proper memory monitoring and resource limits, impact is limited to minor performance issues.
🎯 Exploit Status
Exploitation requires specific conditions: Landlock sample code must be compiled and executed. This is demonstration/example code, not production functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits: 017196730299ccd6eed24bbfabed8af4ffd81530, 20fbf100f84b9aeb9c91421abe1927bc152bc32b, 49b0d8bf05809df5f87e5c03e26d74bdfdab4571, 66b513b7c64a7290c1fbb88e657f7cece992e131)
Vendor Advisory: https://git.kernel.org/stable/c/017196730299ccd6eed24bbfabed8af4ffd81530
Restart Required: Yes
Instructions:
1. Update to a patched Linux kernel version.
2. Rebuild kernel if using custom configuration.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable Landlock sample code
Ensure the Landlock sample code is not compiled in the kernel configuration
make menuconfig
Navigate to: Samples -> Landlock sample and disable
🧯 If You Can't Patch
- Monitor system memory usage for unusual patterns
- Restrict access to systems where Landlock sample code might be executed
🔍 How to Verify
Check if Vulnerable:
Check if Landlock sample code exists in /sys/kernel/debug/samples/landlock or verify kernel configuration includes CONFIG_SAMPLE_LANDLOCK
Check Version:
uname -r
Verify Fix Applied:
Check kernel version against patched versions or verify the specific commit hash in kernel source
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Out of memory errors in system logs
- Process crashes related to landlock samples
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("out of memory" OR "kernel panic" OR "landlock")