CVE-2021-47187 is a vulnerability in the Linux kernel specifically affecting the arm64 architecture on Qualcomm's MSM8998 SoC (System on Chip). The issue stems from misconfigured parameters related to CPU and L2 cache idle state latency and minimum residency times in the device tree source (DTS) files. These parameters define how long the CPU cluster and L2 cache remain in low-power states before waking up, which is critical for power management and system stability. The vulnerability arises because the timings for power collapse states were incorrectly set: the minimum residency times were miscalculated during porting, and the latency values used were those for the CPU cluster rather than the L2 cache, which actually has higher latency requirements. This misconfiguration did not cause significant problems when CPU frequency scaling was disabled, as the power collapse states were rarely entered. However, when CPU scaling is enabled, the incorrect timings lead to instability of the SoC, manifesting as random, unexplained reboots or system lockups without explicit error messages. The patch corrects these parameters to properly account for the L2 cache latency and minimum residency, stabilizing the SoC under CPU scaling conditions and frequent power collapse events. While this vulnerability does not directly allow code execution or privilege escalation, it impacts system availability and reliability on affected devices running Linux kernels with this flawed configuration for MSM8998. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.

For European organizations, the primary impact of CVE-2021-47187 is on the availability and stability of systems using Qualcomm MSM8998 SoCs running Linux with CPU scaling enabled. This SoC is commonly found in certain mobile devices and embedded systems. Organizations relying on such hardware for critical operations may experience unexpected system crashes or lockups, leading to downtime and potential disruption of services. While the vulnerability does not compromise confidentiality or integrity directly, the unpredictable reboots can affect operational continuity, especially in industrial, telecommunications, or IoT environments where MSM8998-based devices might be deployed. The lack of explicit error messages complicates troubleshooting and may delay incident response. European enterprises with embedded Linux devices in their infrastructure should be aware of this issue to prevent operational instability. Since no exploits are known, the immediate risk is moderate, but unpatched systems remain vulnerable to potential future exploitation or accidental triggering of the instability.

To mitigate CVE-2021-47187, organizations should: 1) Identify all devices and systems using the Qualcomm MSM8998 SoC running Linux kernels with CPU scaling enabled. 2) Apply the official Linux kernel patches or updated device tree source files that correct the CPU and L2 cache idle state latency and residency parameters as soon as they become available. 3) If patching is not immediately possible, consider disabling CPU frequency scaling on affected devices as a temporary workaround to reduce the likelihood of power collapse states causing instability. 4) Monitor system logs and device behavior for unexplained reboots or lockups that could indicate triggering of this vulnerability. 5) Engage with hardware and software vendors to confirm that their Linux distributions incorporate the fix. 6) For embedded or IoT devices, ensure firmware updates include the corrected parameters and validate stability post-update. 7) Incorporate this vulnerability into vulnerability management and patching cycles to ensure timely remediation.