CVE-2021-47397: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb

We should always check if skb_header_pointer's return is NULL before using it, otherwise it may cause null-ptr-deref, as syzbot reported:

KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:sctp_rcv_ootb net/sctp/input.c:705 [inline]
RIP: 0010:sctp_rcv+0x1d84/0x3220 net/sctp/input.c:196
Call Trace:
<IRQ>
sctp6_rcv+0x38/0x60 net/sctp/ipv6.c:1109
ip6_protocol_deliver_rcu+0x2e9/0x1ca0 net/ipv6/ip6_input.c:422
ip6_input_finish+0x62/0x170 net/ipv6/ip6_input.c:463
NF_HOOK include/linux/netfilter.h:307 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:472
dst_input include/net/dst.h:460 [inline]
ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline]
NF_HOOK include/linux/netfilter.h:307 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
ipv6_rcv+0x28c/0x3c0 net/ipv6/ip6_input.c:297
AI Analysis
Technical Summary
CVE-2021-47397 is a vulnerability in the Linux kernel's SCTP (Stream Control Transmission Protocol) implementation. The issue lies in the function sctp_rcv_ootb in net/sctp/input.c, which handles out-of-the-blue (OOTB) SCTP packets. The return value of skb_header_pointer, the helper used to access packet headers, was not checked for NULL before being dereferenced; when the helper returns NULL, the result is a null pointer dereference (null-ptr-deref), a kernel memory access violation that crashes the kernel and causes a denial of service (DoS). The bug was found by syzbot, a kernel fuzzing tool, which reported a KASAN (Kernel Address Sanitizer) null pointer dereference in the SCTP receive path. The reported call trace runs through IPv6 packet reception into SCTP packet processing, so the condition can be triggered by specially crafted SCTP packets over IPv6. The root cause is the missing validation step before the pointer returned by skb_header_pointer is used, which is essential for safely handling out-of-the-blue SCTP packets. The vulnerability affects Linux kernel versions identified by the commit hash 3acb50c18d8d6650f10919464ade4dcdaf41d62f and potentially earlier versions that do not include the fix. No known exploits are reported in the wild as of the publication date. No CVSS score has been assigned yet, but the vulnerability is recognized and published by the Linux project, and CISA enrichment confirms its validity. This flaw is a classic example of a kernel null pointer dereference leading to a potential denial of service condition, which an attacker could exploit to crash affected systems remotely by sending malicious SCTP packets over IPv6 networks.
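The following is an added, simplified user-space model of the chunk walk in sctp_rcv_ootb, written for this page and not taken from the kernel. hdr_ptr stands in for skb_header_pointer (it returns NULL when the requested bytes are not all inside the buffer), walk_ootb_chunks and the sample packets are constructed, and the `if (!ch)` line is the check the fix adds; in this model, a packet whose last chunk is followed by fewer than four stray bytes is the shape that reaches the loop with a NULL pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's skb_header_pointer(): a pointer to
 * `len` bytes at `off`, or NULL when that range runs past the buffer end.
 * Illustrative code, not the kernel's own. */
static const uint8_t *hdr_ptr(const uint8_t *b, size_t blen, size_t off, size_t len)
{
    return (off > blen || len > blen - off) ? NULL : b + off;
}
/* SCTP chunk header: type, flags, 16-bit length in network byte order. */
struct chunk_hdr { uint8_t type; uint8_t flags; uint8_t len_be[2]; };
/* Walk the chunks of an OOTB packet body the way sctp_rcv_ootb does: returns
 * the number of chunks seen, or -1 when it stops on a truncated/short chunk. */
int walk_ootb_chunks(const uint8_t *pkt, size_t pktlen)
{
    size_t off = 0, ch_end = 0;
    int count = 0;
    const struct chunk_hdr *ch =
        (const struct chunk_hdr *)hdr_ptr(pkt, pktlen, off, sizeof(*ch));
    do {
        /* The CVE-2021-47397 fix. Without it, a packet whose last chunk is
         * followed by 1-3 stray bytes re-enters the loop with ch == NULL
         * (fewer than sizeof(*ch) bytes remain) and the next line derefs it. */
        if (!ch)
            return -1;
        size_t len = ((size_t)ch->len_be[0] << 8) | ch->len_be[1];
        if (len < sizeof(*ch))                    /* length below the minimum */
            return -1;
        ch_end = off + ((len + 3) & ~(size_t)3);  /* chunks are 4-byte padded */
        if (ch_end > pktlen)                      /* claims more than present */
            return -1;
        count++;
        off = ch_end;
        ch = (const struct chunk_hdr *)hdr_ptr(pkt, pktlen, off, sizeof(*ch));
    } while (ch_end < pktlen);
    return count;
}
/* Constructed samples: one 8-byte chunk; two chunks; one chunk + 2 stray bytes. */
static const uint8_t sample_ok[]   = { 1, 0, 0, 8, 0xaa, 0xbb, 0xcc, 0xdd };
static const uint8_t sample_two[]  = { 1, 0, 0, 8, 0xaa, 0xbb, 0xcc, 0xdd, 4, 0, 0, 4 };
static const uint8_t sample_tail[] = { 1, 0, 0, 8, 0xaa, 0xbb, 0xcc, 0xdd, 0xff, 0xff };
int main(void)
{
    printf("ok=%d two=%d tail=%d\n", walk_ootb_chunks(sample_ok, sizeof sample_ok),
           walk_ootb_chunks(sample_two, sizeof sample_two),
           walk_ootb_chunks(sample_tail, sizeof sample_tail));
    return 0;
}
```

With the check in place the third sample ends the walk with -1; remove the `if (!ch)` line and the same input dereferences NULL, which is the crash the KASAN report shows.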
Potential Impact
For European organizations, the impact of CVE-2021-47397 can be significant, especially for those relying on Linux servers and infrastructure that use SCTP over IPv6. SCTP is commonly used in telecommunications, signaling, and some enterprise applications, so organizations in these sectors could face service disruptions. Successful exploitation would cause kernel crashes leading to denial of service, potentially interrupting critical services, communications, or applications. This could affect data center operations, cloud services, and network equipment running vulnerable Linux kernels. The disruption could lead to operational downtime, loss of availability, and increased recovery costs. While this vulnerability does not appear to allow privilege escalation or remote code execution, the denial of service impact alone can be critical for high-availability environments. European telecom providers, financial institutions, and public sector organizations that depend on stable Linux-based infrastructure may be particularly exposed. Additionally, the use of IPv6 is growing in Europe, increasing the attack surface. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, as attackers could develop exploits given the public disclosure.
Mitigation Recommendations
To mitigate CVE-2021-47397, European organizations should:
1) Apply the official Linux kernel patches that include the null pointer check fix for skb_header_pointer in the SCTP code. This is the definitive solution.
2) If immediate patching is not possible, consider disabling SCTP protocol support in the kernel if it is not required, to reduce the attack surface.
3) Implement network-level filtering to block or restrict SCTP traffic, especially over IPv6, from untrusted or external sources.
4) Monitor network traffic for unusual SCTP packet patterns that could indicate exploitation attempts.
5) Use kernel hardening and runtime protection tools that can detect and prevent null pointer dereferences or kernel crashes.
6) Maintain up-to-date intrusion detection and prevention systems to alert on suspicious SCTP traffic.
7) Conduct thorough testing of kernel updates in staging environments before deployment to avoid service disruptions.
These steps go beyond generic advice by focusing on SCTP-specific controls and IPv6 traffic management, which are critical given the vulnerability's nature.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-21T14:58:30.815Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe8fdd
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 12:25:47 PM
Last updated: 7/29/2025, 10:32:39 PM