CVE-2021-47021 is a vulnerability identified in the Linux kernel specifically affecting the mt76 wireless driver, which supports MediaTek Wi-Fi chipsets including the mt7915 device. The issue arises from improper memory management during the device unregistration process. More precisely, the function mt7915_tx_token_put() is not called before mt76_free_pending_txwi(), leading to a memory leak when mt7915_unregister_device() is invoked. This sequence flaw causes allocated resources related to transmit tokens to not be properly freed, resulting in a gradual consumption of kernel memory. While the vulnerability does not directly enable remote code execution or privilege escalation, the memory leak can degrade system stability and performance over time, potentially leading to denial of service (DoS) conditions if the system runs out of memory. The vulnerability affects Linux kernel versions containing the specified commits prior to the fix. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The fix involves correcting the order of function calls to ensure proper cleanup of transmit tokens before freeing associated memory structures. This vulnerability is relevant to systems running Linux kernels with the mt76 driver supporting the mt7915 chipset, commonly found in embedded devices, routers, and some laptops using MediaTek Wi-Fi hardware.

For European organizations, the impact of CVE-2021-47021 primarily concerns operational stability rather than direct data compromise. Enterprises and service providers relying on Linux-based infrastructure with MediaTek mt7915 Wi-Fi chipsets may experience degraded network device performance or kernel instability due to memory leaks. This can lead to intermittent wireless connectivity issues or system crashes, affecting business continuity especially in environments with high network traffic or long uptime requirements. Industrial control systems, telecommunications equipment, and IoT devices running affected Linux kernels could be particularly vulnerable to service disruptions. Although no active exploitation is known, the vulnerability could be leveraged in targeted attacks aiming to cause denial of service or to facilitate further attacks by destabilizing network components. European organizations with large-scale deployments of Linux-based wireless infrastructure should be aware of this risk, especially those in critical sectors such as finance, healthcare, and public administration where network reliability is paramount.

To mitigate CVE-2021-47021, European organizations should: 1) Apply the official Linux kernel patches that reorder the function calls in the mt76 driver to properly release memory during device unregistration. Monitoring Linux kernel mailing lists or vendor advisories for updated kernel releases including this fix is essential. 2) Identify and inventory all systems using the mt76 driver with the mt7915 chipset to prioritize patching efforts. 3) For embedded or IoT devices where kernel updates are challenging, consider firmware updates from device manufacturers that incorporate the fix. 4) Implement proactive monitoring of system logs and kernel memory usage to detect abnormal memory consumption patterns indicative of this leak. 5) Employ network segmentation and redundancy to minimize the impact of potential device instability on critical network operations. 6) Engage with hardware vendors to confirm support and timelines for patched firmware or drivers. These steps go beyond generic advice by focusing on device-specific patching, proactive detection, and operational resilience.