CVE-2021-47104: Vulnerability in Linux Linux

Medium
Published: Mon Mar 04 2024 (03/04/2024, 18:15:13 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()

The wrong goto label was used for the error case and missed cleanup of the pkt allocation.

Addresses-Coverity-ID: 1493352 ("Resource leak")

AI-Powered Analysis

Last updated: 06/28/2025, 04:55:37 UTC

Technical Analysis

CVE-2021-47104 is a vulnerability identified in the Linux kernel specifically affecting the InfiniBand (IB) subsystem, particularly the qib driver which manages certain IB hardware. The issue arises from a memory leak in the function qib_user_sdma_queue_pkts(). The root cause is the incorrect use of a goto label in the error handling path, which results in the failure to properly clean up allocated packet memory when an error occurs. This leads to a resource leak where allocated memory is not freed, potentially causing gradual memory exhaustion on affected systems. The vulnerability was detected through static analysis (Coverity ID 1493352) and has been addressed by correcting the error handling logic to ensure proper cleanup. The affected versions include multiple Linux kernel commits prior to the fix, indicating that this issue has been present in various kernel builds. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability primarily impacts systems using the qib InfiniBand driver, which is typically found in high-performance computing (HPC) environments or data centers utilizing InfiniBand networking for low-latency, high-throughput communication.
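The bug class described above, as an added user-space illustration; it is not the kernel's qib code and is not taken from the advisory or the upstream patch. All names (`queue_one`, `struct pkt`, `hdr`, the allocation counter) are hypothetical, and the failing step is simulated by the `fail` argument.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
static int live;                       /* allocations not yet freed */
static void *t_alloc(size_t n) { void *p = malloc(n); if (p) live++; return p; }
static void t_free(void *p) { if (p) { live--; free(p); } }
struct pkt { void *hdr; };             /* hypothetical stand-in, not the driver's struct */

/* fixed == 0 models the wrong goto label, fixed == 1 the corrected one. */
static int queue_one(int fail, int fixed, struct pkt **out)
{
    struct pkt *pkt;
    void *hdr = t_alloc(64);
    int ret = -ENOMEM;
    if (!hdr)
        return ret;
    pkt = t_alloc(sizeof(*pkt));
    if (!pkt)
        goto free_hdr;                 /* correct here: pkt does not exist yet */
    pkt->hdr = hdr;
    ret = fail ? -EFAULT : 0;          /* stands in for a later step that can fail */
    if (ret < 0 && fixed)
        goto free_pkt;                 /* unwinds pkt, then falls through to hdr */
    if (ret < 0)
        goto free_hdr;                 /* wrong label: t_free(pkt) is skipped */
    *out = pkt;                        /* success: caller now owns pkt and hdr */
    return 0;
free_pkt:
    t_free(pkt);
free_hdr:
    t_free(hdr);
    return ret;
}

/* Allocations still outstanding after n failed submissions. */
int leaked_after_failures(int n, int fixed)
{
    struct pkt *unused = NULL;
    live = 0;
    for (int i = 0; i < n; i++)
        (void)queue_one(1, fixed, &unused);
    return live;
}

int main(void)
{
    printf("leaked allocations: wrong label %d, fixed label %d\n",
           leaked_after_failures(1000, 0), leaked_after_failures(1000, 1));
    return 0;
}
```

Each failed call through the wrong label leaves one allocation behind, which is why the leak only becomes visible as gradual memory growth under repeated error conditions.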

Potential Impact

For European organizations, the impact of CVE-2021-47104 is primarily related to stability and resource management on Linux systems using the qib InfiniBand driver. Organizations operating HPC clusters, scientific research institutions, or data centers with InfiniBand infrastructure may experience memory leaks leading to degraded system performance or potential denial of service due to resource exhaustion over time. While this vulnerability does not directly lead to privilege escalation or remote code execution, the memory leak can cause system instability, which may disrupt critical workloads. Given the specialized nature of the affected component, the impact is limited to environments with InfiniBand hardware rather than general-purpose Linux deployments. However, in sectors such as telecommunications, finance, or research where InfiniBand is used for performance reasons, this could affect availability and operational continuity if unpatched.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Identify Linux systems running kernels with the affected qib driver versions, especially those in HPC or data center environments using InfiniBand.
2) Apply the official Linux kernel patches that fix the memory leak by correcting the error handling in qib_user_sdma_queue_pkts(). If vendor-specific kernel builds are used, ensure that the vendor has incorporated this fix.
3) Monitor system memory usage on affected hosts for unusual leaks or degradation that could indicate the presence of the issue.
4) Implement proactive system restarts or resource management policies as a temporary workaround if patching cannot be immediately applied.
5) Maintain up-to-date kernel versions and subscribe to security advisories related to Linux kernel and InfiniBand drivers.
6) Conduct thorough testing of kernel updates in staging environments to prevent disruption in critical HPC or data center operations.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-03-04T18:12:48.835Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9821c4522896dcbde03d

Added to database: 5/21/2025, 9:08:49 AM

Last enriched: 6/28/2025, 4:55:37 AM

Last updated: 8/9/2025, 12:16:40 AM
