CVE-2021-47082: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

tun: avoid double free in tun_free_netdev

Avoid double free in tun_free_netdev() by moving the dev->tstats and tun->security allocs to a new ndo_init routine (tun_net_init()) that will be called by register_netdevice(). ndo_init is paired with the destructor (tun_free_netdev()), so if there's an error in register_netdevice() the destructor will handle the frees.

BUG: KASAN: double-free or invalid-free in selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605

CPU: 0 PID: 25750 Comm: syz-executor416 Not tainted 5.16.0-rc2-syzk #1
Hardware name: Red Hat KVM, BIOS
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106
print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:247
kasan_report_invalid_free+0x55/0x80 mm/kasan/report.c:372
____kasan_slab_free mm/kasan/common.c:346 [inline]
__kasan_slab_free+0x107/0x120 mm/kasan/common.c:374
kasan_slab_free include/linux/kasan.h:235 [inline]
slab_free_hook mm/slub.c:1723 [inline]
slab_free_freelist_hook mm/slub.c:1749 [inline]
slab_free mm/slub.c:3513 [inline]
kfree+0xac/0x2d0 mm/slub.c:4561
selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605
security_tun_dev_free_security+0x4f/0x90 security/security.c:2342
tun_free_netdev+0xe6/0x150 drivers/net/tun.c:2215
netdev_run_todo+0x4df/0x840 net/core/dev.c:10627
rtnl_unlock+0x13/0x20 net/core/rtnetlink.c:112
__tun_chr_ioctl+0x80c/0x2870 drivers/net/tun.c:3302
tun_chr_ioctl+0x2f/0x40 drivers/net/tun.c:3311
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
AI Analysis
Technical Summary
CVE-2021-47082 is a double free in the Linux kernel's TUN (network tunnel) driver, in the function tun_free_netdev(). The dev->tstats and tun->security allocations were not tied to the network device registration and destruction lifecycle, so an error in register_netdevice() could leave them freed twice. The fix moves these allocations into a new initialization routine, tun_net_init(), which register_netdevice() calls as ndo_init. Because ndo_init is paired with the destructor tun_free_netdev(), the destructor alone frees these resources when registration fails.

The vulnerability was detected through a Kernel Address Sanitizer (KASAN) report of a double-free or invalid-free in selinux_tun_dev_free_security(), the SELinux security hook for the TUN device, reached from tun_free_netdev() during a TUN ioctl. A double free can lead to undefined behavior such as kernel crashes, memory corruption, or potential escalation of privileges if exploited.

The vulnerability affects Linux kernel versions prior to the patch and is triggered during network device registration and ioctl operations on TUN devices. Triggering it requires local access to the system to issue those ioctl calls, so an attacker must already have some level of user privileges or access to the system. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.

The TUN driver is widely used for creating virtual network interfaces, commonly in VPN solutions and container networking, so the vulnerability is relevant to systems running Linux kernels with TUN support enabled.
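A minimal userspace model of the ownership problem described above, added here as an illustration and not taken from the kernel source or the patch. The names alloc_both, free_both, model_register and setup_device are hypothetical, and the caller-side error unwind in the pre-fix path is an assumption about how the second free arises.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model, not kernel code. Frees are counted and only the first
 * reaches free(), so the double free is observable without undefined behavior. */
struct res { void *p; int frees; };
struct dev { struct res tstats, security; int use_ndo_init; };

static void res_alloc(struct res *r) { r->p = malloc(16); r->frees = 0; }
static void res_free(struct res *r) { if (r->frees++ == 0) free(r->p); }
static void alloc_both(struct dev *d) { res_alloc(&d->tstats); res_alloc(&d->security); }
static void free_both(struct dev *d) { res_free(&d->tstats); res_free(&d->security); }

/* Models register_netdevice(): with the fix it calls ndo_init (tun_net_init());
 * on failure the destructor (tun_free_netdev()) runs and frees both. */
static int model_register(struct dev *d, int fail)
{
    if (d->use_ndo_init)
        alloc_both(d);            /* tun_net_init() */
    if (fail) {
        free_both(d);             /* tun_free_netdev() */
        return -1;
    }
    return 0;
}

/* Returns the highest free count on either resource: 1 = clean, 2 = double free. */
int setup_device(int fixed, int fail_register)
{
    struct dev d = { .use_ndo_init = fixed };

    if (!fixed)
        alloc_both(&d);           /* pre-fix: caller allocates before registering */
    if (model_register(&d, fail_register) < 0) {
        if (!fixed)
            free_both(&d);        /* assumed caller error unwind: the second free */
    } else {
        free_both(&d);            /* normal teardown through the destructor */
    }
    return d.tstats.frees > d.security.frees ? d.tstats.frees : d.security.frees;
}

int main(void)
{
    printf("pre-fix, register fails: %d frees\n", setup_device(0, 1));
    printf("fixed,   register fails: %d frees\n", setup_device(1, 1));
    return 0;
}
```

Only the pre-fix layout combined with a failed registration reaches two frees; once allocation lives in the ndo_init step, the destructor is the single owner of the release on every path.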
Potential Impact
For European organizations, the impact of CVE-2021-47082 can be significant depending on their reliance on Linux-based infrastructure, particularly those using VPNs, containerized environments, or virtualized network functions that utilize the TUN driver. Exploitation of this vulnerability could lead to kernel crashes causing denial of service, or potentially enable privilege escalation if an attacker can manipulate kernel memory through the double free condition. This could compromise confidentiality, integrity, and availability of critical systems. Organizations in sectors such as finance, telecommunications, government, and critical infrastructure that heavily depend on Linux servers and virtual networking may face operational disruptions or security breaches if the vulnerability is exploited. Although no active exploits are known, the presence of this vulnerability in widely deployed Linux kernels means that attackers with local access could leverage it to escalate privileges or destabilize systems, increasing the risk profile for European enterprises relying on Linux for secure network operations.
Mitigation Recommendations
To mitigate CVE-2021-47082, European organizations should:
1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available from trusted sources or Linux distributions.
2) Restrict local user access to systems running vulnerable kernels, limiting the ability of unprivileged users to invoke ioctl operations on TUN devices.
3) Employ mandatory access controls (e.g., SELinux, AppArmor) to tightly control permissions around network device management and ioctl interfaces.
4) Monitor kernel logs and audit systems for unusual ioctl calls or kernel crashes that may indicate exploitation attempts.
5) For environments using container or virtualized networking, ensure that container runtimes and orchestration platforms are updated to versions that include patched kernels or have mitigations in place.
6) Consider network segmentation to isolate critical Linux systems and reduce the attack surface.
7) Conduct regular vulnerability scanning and penetration testing focused on kernel-level vulnerabilities and local privilege escalation vectors.
These steps go beyond generic advice by emphasizing access control, monitoring, and environment-specific hardening tailored to the nature of the vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-29T22:33:44.298Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9834c4522896dcbe9c9b
Added to database: 5/21/2025, 9:09:08 AM
Last enriched: 6/30/2025, 9:11:22 PM
Last updated: 8/15/2025, 12:20:13 AM