
CVE-2021-47012: Vulnerability in Linux Linux

High
Published: Wed Feb 28 2024 (02/28/2024, 08:13:30 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/siw: Fix a use after free in siw_alloc_mr

Our code analyzer reported a UAF. In siw_alloc_mr(), it calls siw_mr_add_mem(mr,..). In the implementation of siw_mr_add_mem(), mem is assigned to mr->mem and then mem is freed via kfree(mem) if xa_alloc_cyclic() failed. Here, mr->mem still points to a freed object. After, the execution continues up to the err_out branch of siw_alloc_mr, and the freed mr->mem is used in siw_mr_drop_mem(mr). My patch moves "mr->mem = mem" behind the if (xa_alloc_cyclic(..)<0) {} section, to avoid the UAF.

AI-Powered Analysis

Last updated: 06/30/2025, 19:13:00 UTC

Technical Analysis

CVE-2021-47012 is a use-after-free (UAF) vulnerability identified in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically within the SoftiWARP (siw) driver component. The vulnerability arises in the function siw_alloc_mr(), which is responsible for allocating memory regions (MR) for RDMA operations. During execution, siw_alloc_mr() calls siw_mr_add_mem(mr, ...), where a memory object 'mem' is assigned to the mr->mem pointer. However, if the call to xa_alloc_cyclic() within siw_mr_add_mem() fails, the memory object 'mem' is freed using kfree(mem), but mr->mem still points to this now-freed memory. Subsequently, the code continues to the error handling branch err_out in siw_alloc_mr(), where the freed mr->mem pointer is dereferenced in siw_mr_drop_mem(mr), leading to a use-after-free condition. This UAF can cause undefined behavior including potential kernel crashes or exploitation opportunities. The patch corrects this by moving the assignment mr->mem = mem to occur only after the successful completion of xa_alloc_cyclic(), ensuring mr->mem never points to freed memory. This vulnerability affects specific Linux kernel versions identified by commit hashes and was published on 2024-02-28. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
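The ordering problem described above, as an added example that is not the kernel's code or the patch itself: a userspace C model in which `model_free`, `model_id_alloc`, `add_mem_before_fix`, `add_mem_after_fix` and `cleanup_hits_freed` are hypothetical stand-ins for kfree(), xa_alloc_cyclic(), siw_mr_add_mem() before and after the patch, and the err_out cleanup. Freed objects are only marked rather than released, so the stale pointer can be observed safely.

```c
/* Userspace model of the pointer-ordering bug; hypothetical names, not kernel code. */
#include <stdio.h>
#include <stdlib.h>
struct mem { int freed; };
struct mr  { struct mem *mem; };

/* Stand-in for kfree(): only marks the object (the model leaks it on
 * purpose), so a stale pointer can be detected without undefined behaviour. */
static void model_free(struct mem *m) { m->freed = 1; }

/* Stand-in for xa_alloc_cyclic(); 'fail' forces the error path. */
static int model_id_alloc(int fail) { return fail ? -1 : 0; }

/* Pre-patch ordering: mr->mem is set before the call that can fail. */
static int add_mem_before_fix(struct mr *mr, int fail) {
    struct mem *mem = calloc(1, sizeof(*mem));
    if (!mem) return -1;
    mr->mem = mem;
    if (model_id_alloc(fail) < 0) {
        model_free(mem);            /* mr->mem still points here */
        return -1;
    }
    return 0;
}

/* Patched ordering: mr->mem is set only after the call succeeded. */
static int add_mem_after_fix(struct mr *mr, int fail) {
    struct mem *mem = calloc(1, sizeof(*mem));
    if (!mem) return -1;
    if (model_id_alloc(fail) < 0) {
        model_free(mem);
        return -1;
    }
    mr->mem = mem;
    return 0;
}

/* Models the err_out cleanup: 1 if it would touch a freed object. */
static int cleanup_hits_freed(const struct mr *mr) {
    return mr->mem != NULL && mr->mem->freed;
}

int main(void) {
    struct mr a = { NULL }, b = { NULL };
    add_mem_before_fix(&a, 1);      /* force the failure path in both variants */
    add_mem_after_fix(&b, 1);
    printf("before fix: %d, after fix: %d\n",
           cleanup_hits_freed(&a), cleanup_hits_freed(&b));
    return 0;
}
```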

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems utilizing RDMA capabilities with the SoftiWARP driver, often found in high-performance computing environments, data centers, and enterprise servers running Linux kernels with affected versions. Exploitation could lead to kernel crashes (denial of service) or potentially privilege escalation if an attacker crafts inputs to trigger the UAF, compromising system integrity and availability. Confidentiality impact is lower unless combined with other vulnerabilities. The disruption of critical infrastructure or enterprise services relying on RDMA could have operational and financial consequences. Given the kernel-level nature, successful exploitation could undermine trust in affected systems and require urgent patching to maintain security posture.

Mitigation Recommendations

European organizations should prioritize updating Linux kernels to versions that include the patch for CVE-2021-47012. Specifically, they should verify kernel versions against the affected commit hashes and apply vendor-supplied patches or kernel updates promptly. For environments where immediate patching is not feasible, disabling the SoftiWARP RDMA driver or restricting RDMA usage to trusted users and processes can reduce exposure. Monitoring kernel logs for unusual crashes or memory errors related to RDMA operations can help detect attempted exploitation. Additionally, employing kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and enabling kernel lockdown features can raise exploitation difficulty. Regular vulnerability scanning and inventory of Linux kernel versions across infrastructure will aid in identifying at-risk systems.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-27T18:42:55.953Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9834c4522896dcbe9a54

Added to database: 5/21/2025, 9:09:08 AM

Last enriched: 6/30/2025, 7:13:00 PM

Last updated: 8/14/2025, 8:55:55 AM
