
CVE-2021-47089: Vulnerability in the Linux kernel

Severity: Low
Published: Mon Mar 04 2024 (03/04/2024, 18:10:27 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

kfence: fix memory leak when cat kfence objects

Hulk robot reported a kmemleak problem:

unreferenced object 0xffff93d1d8cc02e8 (size 248):
  comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s)
  hex dump (first 32 bytes):
    00 40 85 19 d4 93 ff ff 00 10 00 00 00 00 00 00  .@..............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    seq_open+0x2a/0x80
    full_proxy_open+0x167/0x1e0
    do_dentry_open+0x1e1/0x3a0
    path_openat+0x961/0xa20
    do_filp_open+0xae/0x120
    do_sys_openat2+0x216/0x2f0
    do_sys_open+0x57/0x80
    do_syscall_64+0x33/0x40
    entry_SYSCALL_64_after_hwframe+0x44/0xa9
unreferenced object 0xffff93d419854000 (size 4096):
  comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s)
  hex dump (first 32 bytes):
    6b 66 65 6e 63 65 2d 23 32 35 30 3a 20 30 78 30  kfence-#250: 0x0
    30 30 30 30 30 30 30 37 35 34 62 64 61 31 32 2d  0000000754bda12-
  backtrace:
    seq_read_iter+0x313/0x440
    seq_read+0x14b/0x1a0
    full_proxy_read+0x56/0x80
    vfs_read+0xa5/0x1b0
    ksys_read+0xa0/0xf0
    do_syscall_64+0x33/0x40
    entry_SYSCALL_64_after_hwframe+0x44/0xa9

I find that we can easily reproduce this problem with the following commands:

    cat /sys/kernel/debug/kfence/objects
    echo scan > /sys/kernel/debug/kmemleak
    cat /sys/kernel/debug/kmemleak

The leaked memory is allocated in the stack below:

    do_syscall_64
      do_sys_open
        do_dentry_open
          full_proxy_open
            seq_open                ---> alloc seq_file
    vfs_read
      full_proxy_read
        seq_read
          seq_read_iter
            traverse                ---> alloc seq_buf

And it should have been released in the following process:

    do_syscall_64
      syscall_exit_to_user_mode
        exit_to_user_mode_prepare
          task_work_run
            ____fput
              __fput
                full_proxy_release  ---> free here

However, the release function corresponding to file_operations is not implemented in kfence. As a result, a memory leak occurs.

Therefore, the solution to this problem is to implement the corresponding release function.

AI-Powered Analysis

Last updated: 06/30/2025, 21:12:36 UTC

Technical Analysis

CVE-2021-47089 is a memory leak in the Linux kernel's KFENCE subsystem (Kernel Electric-Fence, CONFIG_KFENCE, present since 5.12), a low-overhead, sampling-based detector of heap out-of-bounds and use-after-free errors. KFENCE exposes its list of guarded objects through debugfs as /sys/kernel/debug/kfence/objects, implemented as a seq_file. Opening that file runs seq_open(), which allocates a struct seq_file (the 248-byte object in the kmemleak report); the first read runs seq_read_iter(), which allocates the page-sized seq buffer (the 4096-byte object). Both are normally freed by seq_release(), which debugfs reaches through full_proxy_release() on the last close. The kfence file_operations for this file declared no .release handler, and full_proxy_release() only forwards to the real handler when one is set, so neither object was ever freed: every open/read/close cycle (a single cat of the file) leaked roughly 4.3 KB of slab memory until reboot. The fix wires the standard seq_release() into the file's file_operations as its .release handler. The vulnerability has a CVSS v3.1 score of 3.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L): local access, low attack complexity, low privileges, no user interaction, and a limited availability impact with no effect on confidentiality or integrity. One caveat on the PR:L rating: debugfs is mounted root-only (mode 0700) by default, so on a default configuration only root, or a process that has been granted access to /sys/kernel/debug, can reach the file; the low-privilege case applies where debugfs permissions have been widened or the path has been exposed into a container. No known exploits are reported in the wild.
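The open/read/release dispatch described above, as a userspace model added here for illustration (this is not kernel code and not from the kfence project): struct file_operations, seq_open/seq_read/seq_release and full_proxy_release are stand-ins that reproduce only the allocation and release bookkeeping of their kernel namesakes, the leak counter is the model's own, and the one output line is a constructed sample. The "before" file_operations omits .release exactly as the unpatched kfence file did; the "after" variant adds it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Model bookkeeping: number of "kernel" objects still allocated. */
static int live_objects;

static void *model_kmalloc(size_t n) { live_objects++; return calloc(1, n); }
static void model_kfree(void *p) { if (p) { live_objects--; free(p); } }

/* Stand-ins for the kernel structures involved, reduced to what the model needs. */
struct seq_file { char *buf; size_t size; int exhausted; };
struct file { void *private_data; };
struct file_operations {
    int     (*open)(struct file *);
    ssize_t (*read)(struct file *, char *, size_t);
    int     (*release)(struct file *);
};

/* seq_open(): allocates the struct seq_file (the 248-byte object in the kmemleak report). */
static int model_seq_open(struct file *f)
{
    f->private_data = model_kmalloc(sizeof(struct seq_file));
    return f->private_data ? 0 : -1;
}

/* seq_read() -> seq_read_iter() -> traverse(): the first read allocates the page-sized
 * buffer (the 4096-byte object). One constructed line is returned, then EOF. */
static ssize_t model_seq_read(struct file *f, char *out, size_t len)
{
    static const char line[] = "kfence-#250: 0x0000000754bda12-... (constructed sample)\n";
    struct seq_file *m = f->private_data;
    size_t n;

    if (m->exhausted)
        return 0;
    if (!m->buf) {
        m->size = 4096;
        m->buf = model_kmalloc(m->size);
        if (!m->buf)
            return -1;
    }
    n = sizeof(line) - 1 < len ? sizeof(line) - 1 : len;
    memcpy(out, line, n);
    m->exhausted = 1;
    return (ssize_t)n;
}

/* seq_release(): frees the buffer and the seq_file. This is the handler kfence lacked. */
static int model_seq_release(struct file *f)
{
    struct seq_file *m = f->private_data;
    model_kfree(m->buf);
    model_kfree(m);
    f->private_data = NULL;
    return 0;
}

/* debugfs full_proxy_release(): forwards to the real ->release only if one is set. */
static int model_full_proxy_release(const struct file_operations *real_fops, struct file *f)
{
    return real_fops->release ? real_fops->release(f) : 0;
}

/* Before the fix: open and read handlers, no .release. */
static const struct file_operations objects_fops_before = {
    .open = model_seq_open,
    .read = model_seq_read,
};

/* After the fix: the standard release handler is wired in. */
static const struct file_operations objects_fops_after = {
    .open = model_seq_open,
    .read = model_seq_read,
    .release = model_seq_release,
};

/* Run `times` open / read-to-EOF / close cycles (one "cat" each) and return how many
 * objects are still live afterwards, i.e. how many leaked. */
static int cat_cycles(const struct file_operations *fops, int times)
{
    char buf[128];
    live_objects = 0;
    for (int i = 0; i < times; i++) {
        struct file f = { 0 };
        if (fops->open(&f) != 0)
            return -1;
        while (fops->read(&f, buf, sizeof buf) > 0)
            ;
        model_full_proxy_release(fops, &f);
    }
    return live_objects;
}

int main(void)
{
    printf("before fix: %d objects leaked after 1000 cats\n", cat_cycles(&objects_fops_before, 1000));
    printf("after fix:  %d objects leaked after 1000 cats\n", cat_cycles(&objects_fops_after, 1000));
    return 0;
}
```

Two objects leak per cycle in the "before" case, matching the pair of unreferenced objects (248 and 4096 bytes) that kmemleak reported for a single cat in the description.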

Potential Impact

For European organizations, the impact of CVE-2021-47089 is limited: the attack vector is local and the only effect is a gradual loss of kernel memory. Each open/read/close cycle of /sys/kernel/debug/kfence/objects leaks about 4.3 KB of unreclaimable slab (the 248-byte seq_file plus its 4096-byte buffer, per the kmemleak report), so exhausting 1 GB takes on the order of 250,000 cycles; a tight loop reaches that in seconds, and the memory is not returned until reboot, so a sustained loop ends in memory pressure, OOM kills or a crash (denial of service). Only kernels built with CONFIG_KFENCE (5.12 and later, unpatched) that have debugfs mounted are affected. Because debugfs is root-only by default, an unprivileged tenant can trigger the leak only where debugfs permissions have been widened or the path has been exposed into a container; an attacker who already has root gains nothing from it. No confidentiality or integrity impact is involved, so the operational risk is low compared with vulnerabilities enabling remote code execution or privilege escalation, but long-running multi-tenant hosts that expose debugfs to workloads should treat it as a resource-exhaustion vector affecting every tenant on the host.

Mitigation Recommendations

To mitigate CVE-2021-47089, European organizations should:

1) Update the kernel. The fix (adding a .release handler to the kfence debugfs file_operations) has been in mainline and the stable trees since well before the 2024 CVE assignment; confirm through the distribution's CVE tracker that the running kernel build includes it rather than waiting for a new advisory.

2) Where patching is delayed, keep debugfs at its default: unmounted, or mounted root-only with mode 0700. Do not bind-mount /sys/kernel/debug into containers or grant it to unprivileged users, and record reads of the file with an audit watch (for example auditctl -w /sys/kernel/debug/kfence/objects -p r) so a leak-inducing loop is attributable.

3) Monitor for the leak. kmemleak requires CONFIG_DEBUG_KMEMLEAK and is a debug option, not a production one; instead watch SUnreclaim in /proc/meminfo, or the kmalloc-256 and kmalloc-4k caches in /proc/slabinfo (slabtop), for growth that correlates with reads of the kfence objects file.

4) If KFENCE is not wanted on a host, it can be disabled at boot with kfence.sample_interval=0. This gives up a useful memory-error detector to avoid a small leak, so prefer patching and access control.

5) In containerized or virtualized environments, keep guest kernels patched and do not expose the host's debugfs to workloads; a leak triggered inside a VM consumes only that guest's memory, whereas one triggered in a container consumes the shared host kernel's.
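A userspace check for the monitoring step, added here as an example (not code from the page's source or from the kernel project): it assumes root, a mounted debugfs and CONFIG_KFENCE, runs a burst of open/read/close cycles against /sys/kernel/debug/kfence/objects, and compares the growth of SUnreclaim in /proc/meminfo against the per-cycle figure implied by the kmemleak report (a 248-byte seq_file, which lands in the kmalloc-256 slab, plus a 4096-byte buffer). Exit status 1 means the leak is present, 0 means it is not, 2 means the file could not be opened. The /proc/meminfo excerpt used to describe the parser is constructed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define KFENCE_OBJECTS "/sys/kernel/debug/kfence/objects"

/* Per-cycle leak implied by the report: seq_file rounds up to kmalloc-256, plus the
 * 4096-byte seq buffer. */
#define EXPECTED_LEAK_BYTES (256 + 4096)

/* Return the kB value of one key from /proc/meminfo-formatted text, e.g. for
 * "SUnreclaim:       123456 kB" (constructed sample) return 123456; -1 if absent. */
static long meminfo_kb(const char *text, const char *key)
{
    size_t klen = strlen(key);
    const char *p = text;

    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == ':')
            return strtol(p + klen + 1, NULL, 10);   /* strtol skips the padding */
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return -1;
}

/* Current unreclaimable slab in kB, or -1 if /proc/meminfo is unreadable. */
static long read_sunreclaim_kb(void)
{
    char buf[8192];
    int fd = open("/proc/meminfo", O_RDONLY);
    ssize_t n;

    if (fd < 0)
        return -1;
    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    return meminfo_kb(buf, "SUnreclaim");
}

/* Open, drain and close `path` up to `times` times (what `cat` does); returns the
 * number of completed cycles, 0 if the file could not be opened at all. */
static int cat_kfence_objects(const char *path, int times)
{
    char buf[4096];
    int done = 0;

    for (int i = 0; i < times; i++) {
        int fd = open(path, O_RDONLY);
        if (fd < 0)
            break;
        while (read(fd, buf, sizeof buf) > 0)
            ;
        close(fd);
        done++;
    }
    return done;
}

/* Bytes of unreclaimable slab gained per cycle; 0 if nothing grew, -1 on bad input. */
static long leak_bytes_per_cycle(long before_kb, long after_kb, int cycles)
{
    long delta;

    if (before_kb < 0 || after_kb < 0 || cycles <= 0)
        return -1;
    delta = after_kb - before_kb;
    return delta > 0 ? delta * 1024 / cycles : 0;
}

int main(int argc, char **argv)
{
    int cycles = argc > 1 ? atoi(argv[1]) : 20000;   /* ~85 MB if unpatched */
    long before = read_sunreclaim_kb();
    int done = cat_kfence_objects(KFENCE_OBJECTS, cycles);
    long after = read_sunreclaim_kb();
    long per_cycle;

    if (done == 0) {
        fprintf(stderr, "cannot open %s (need root, a mounted debugfs and CONFIG_KFENCE)\n",
                KFENCE_OBJECTS);
        return 2;
    }
    per_cycle = leak_bytes_per_cycle(before, after, done);
    printf("%d cycles: SUnreclaim %ld kB -> %ld kB, ~%ld bytes/cycle (unpatched: ~%d)\n",
           done, before, after, per_cycle, EXPECTED_LEAK_BYTES);
    /* Slab accounting is noisy; half the expected figure is a generous threshold. */
    return per_cycle >= EXPECTED_LEAK_BYTES / 2 ? 1 : 0;
}
```

Run it as root with the cycle count as the only argument, and note that on an unpatched kernel the memory it leaks stays leaked: choose a count the host can afford. A patched kernel shows a per-cycle figure near zero.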


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-29T22:33:44.300Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9834c4522896dcbe9ca5

Added to database: 5/21/2025, 9:09:08 AM

Last enriched: 6/30/2025, 9:12:36 PM

Last updated: 8/2/2025, 12:55:53 PM

Views: 16
