CVE-2021-47047: Vulnerability in Linux Linux

High
Published: Wed Feb 28 2024 (02/28/2024, 08:13:50 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails

The spi controller supports 44-bit address space on AXI in DMA mode, so set dma_addr_t width to 44-bit to avoid using a swiotlb mapping. In addition, if dma_map_single fails, it should return immediately instead of continuing doing the DMA operation which bases on invalid address.

This fixes the following crash which occurs in reading a big block from flash:

[ 123.633577] zynqmp-qspi ff0f0000.spi: swiotlb buffer is full (sz: 4194304 bytes), total 32768 (slots), used 0 (slots)
[ 123.644230] zynqmp-qspi ff0f0000.spi: ERR:rxdma:memory not mapped
[ 123.784625] Unable to handle kernel paging request at virtual address 00000000003fffc0
[ 123.792536] Mem abort info:
[ 123.795313] ESR = 0x96000145
[ 123.798351] EC = 0x25: DABT (current EL), IL = 32 bits
[ 123.803655] SET = 0, FnV = 0
[ 123.806693] EA = 0, S1PTW = 0
[ 123.809818] Data abort info:
[ 123.812683] ISV = 0, ISS = 0x00000145
[ 123.816503] CM = 1, WnR = 1
[ 123.819455] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000805047000
[ 123.825887] [00000000003fffc0] pgd=0000000803b45003, p4d=0000000803b45003, pud=0000000000000000
[ 123.834586] Internal error: Oops: 96000145 [#1] PREEMPT SMP

AI-Powered Analysis

Last updated: 06/30/2025, 20:12:30 UTC

Technical Analysis

CVE-2021-47047 is a vulnerability in the Linux kernel's SPI (Serial Peripheral Interface) controller driver for the Zynq UltraScale+ MPSoC platform, spi-zynqmp-gqspi. The driver does not correctly handle failure of dma_map_single, the function that maps memory for DMA (Direct Memory Access) operations. The SPI controller supports a 44-bit address space on the AXI bus in DMA mode, and the fix sets the dma_addr_t width to 44 bits to avoid using the swiotlb (Software Input/Output Translation Lookaside Buffer) mapping. In the affected code, if dma_map_single fails, the driver continues with the DMA operation using an invalid address instead of returning an error immediately.

This leads to a kernel crash when reading large blocks from flash memory, as shown by the kernel oops and memory abort messages in the logs. The crash is triggered by swiotlb buffer exhaustion and a subsequent invalid memory access, causing a kernel panic or system instability. The root cause is improper error handling in the DMA mapping path of the SPI driver, and the result is denial of service through kernel crashes. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability affects versions of the Linux kernel that contain the spi-zynqmp-gqspi driver code prior to the patch that fixes this error handling flaw.

Potential Impact

For European organizations, the impact of CVE-2021-47047 primarily concerns systems using the affected Linux kernel versions on Zynq UltraScale+ MPSoC platforms or similar embedded devices that rely on the spi-zynqmp-gqspi driver for SPI flash memory access. Such devices are often found in industrial control systems, telecommunications infrastructure, embedded IoT devices, and specialized computing equipment. A successful exploitation leads to kernel crashes causing denial of service, which can disrupt critical operations, especially in industrial automation, manufacturing, or network equipment. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, the resulting instability can be leveraged by attackers to cause outages or force reboots, impacting availability. European sectors with high reliance on embedded Linux devices in critical infrastructure, such as energy, transportation, and manufacturing, may face operational risks. Moreover, the lack of known exploits suggests a lower immediate threat, but the vulnerability could be targeted in future attacks once exploit techniques are developed. The impact on confidentiality and integrity is limited, but availability degradation in critical systems can have significant operational and economic consequences.

Mitigation Recommendations

To mitigate CVE-2021-47047, European organizations should:

1) Identify and inventory all devices running affected Linux kernel versions with the spi-zynqmp-gqspi driver, focusing on embedded systems and industrial devices using Zynq UltraScale+ MPSoC platforms.
2) Apply the official Linux kernel patches that fix the dma_map_single error handling in the spi-zynqmp-gqspi driver as soon as they become available. If immediate patching is not possible, consider kernel version upgrades or vendor firmware updates that include the fix.
3) Implement monitoring for kernel oops and memory abort logs indicative of this issue to detect potential exploitation or system instability early.
4) For critical systems, establish redundancy and failover mechanisms to maintain availability in case of crashes.
5) Coordinate with device vendors to ensure timely firmware and kernel updates are provided and deployed.
6) Limit access to affected devices to trusted administrators and networks to reduce the risk of triggering the vulnerability through malicious input.
7) Conduct thorough testing of patches in staging environments to avoid regressions in embedded systems.

These steps go beyond generic advice by focusing on embedded device inventory, vendor coordination, and operational continuity planning specific to this vulnerability.
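
The log monitoring in step 3, as an added example (not part of the original advisory or of the kernel project): a Python scan that correlates the zynqmp-qspi mapping-failure messages quoted in the Description with a kernel fault that follows shortly after. The function name, finding labels and 5-second window are assumptions, and the sample log is constructed from the lines quoted in the Description.

```python
import re

# Constructed sample: the first four lines are kernel messages quoted in the
# Description above; the last line is unrelated noise added for contrast.
SAMPLE_LOG = """\
[  123.633577] zynqmp-qspi ff0f0000.spi: swiotlb buffer is full (sz: 4194304 bytes), total 32768 (slots), used 0 (slots)
[  123.644230] zynqmp-qspi ff0f0000.spi: ERR:rxdma:memory not mapped
[  123.784625] Unable to handle kernel paging request at virtual address 00000000003fffc0
[  123.834586] Internal error: Oops: 96000145 [#1] PREEMPT SMP
[  200.000001] eth0: link up
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")  # "[ seconds ] message"
MAP_FAIL = re.compile(
    r"zynqmp-qspi \S+: (swiotlb buffer is full|ERR:rxdma:memory not mapped)")
CRASH = re.compile(r"Unable to handle kernel paging request|Internal error: Oops")
WINDOW = 5.0  # seconds between mapping failure and fault; an assumed value


def scan(log_text, window=WINDOW):
    """Return findings for zynqmp-qspi DMA mapping failures and any kernel
    fault that follows one within `window` seconds."""
    findings = []
    fail_ts = None  # time of the latest mapping failure not yet tied to a crash
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a timestamped kernel line
        ts, msg = float(m.group(1)), m.group(2)
        if MAP_FAIL.search(msg):
            # Report one finding per burst of failure messages.
            if fail_ts is None or ts - fail_ts > window:
                findings.append({"kind": "dma-map-failure", "ts": ts})
            fail_ts = ts
        elif CRASH.search(msg) and fail_ts is not None and ts - fail_ts <= window:
            findings.append({"kind": "crash-after-dma-map-failure", "ts": ts,
                             "delay": round(ts - fail_ts, 6)})
            fail_ts = None  # one alert per crash; trailing Oops lines are skipped
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```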


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-27T18:42:55.970Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9834c4522896dcbe9b90

Added to database: 5/21/2025, 9:09:08 AM

Last enriched: 6/30/2025, 8:12:30 PM

Last updated: 8/10/2025, 12:45:58 AM
