CVE-2021-47225 is a medium-severity vulnerability in the Linux kernel's mac80211 wireless subsystem, specifically related to Access Point (AP) and VLAN interface handling. The issue arises when AP_VLAN interfaces are active and the parent AP interface is closed. The root cause is a deadlock condition triggered by the Linux kernel's locking mechanism: the dev_close() function is called while holding the wiphy mutex, and this function internally triggers a netdev notifier callback in cfg80211 that attempts to reacquire the same wiphy mutex, causing a circular wait and thus a deadlock. The vulnerability is due to improper lock management during interface state changes, particularly when closing AP interfaces that have associated VLAN subinterfaces. The fix involves two key changes: first, preventing interface type changes while AP_VLAN interfaces are up, which is a rare operation and typically requires userspace to bring interfaces down before changing types; second, restructuring the dev_close() loop to occur outside the wiphy mutex lock in the normal stop case, thereby avoiding the deadlock scenario. This vulnerability does not affect confidentiality or integrity but impacts availability by causing a kernel deadlock, which can lead to system hangs or denial of service on affected Linux systems running wireless AP configurations with VLANs. The CVSS score is 5.5 (medium), reflecting local attack vector, low complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability.

For European organizations, this vulnerability primarily threatens the availability of Linux-based wireless infrastructure devices, such as routers, access points, or embedded systems running Linux with mac80211 wireless drivers configured as APs with VLAN interfaces. Organizations relying on Linux for wireless networking, including enterprises, educational institutions, and public Wi-Fi providers, may experience service disruptions or denial of service if this deadlock is triggered. While exploitation requires local privileges and specific interface configurations, the impact on critical wireless infrastructure could degrade network availability, affecting business operations, communications, and potentially safety-critical systems that depend on wireless connectivity. The lack of confidentiality or integrity impact limits data breach risks, but availability degradation in network infrastructure can have cascading effects on operational continuity and user productivity. Since no known exploits are reported in the wild, the immediate risk is moderate, but unpatched systems remain vulnerable to accidental or intentional triggering of the deadlock.

To mitigate this vulnerability, European organizations should: 1) Apply the official Linux kernel patches that address CVE-2021-47225 as soon as possible, ensuring the mac80211 subsystem and related wireless drivers are updated to versions containing the fix. 2) Review wireless network configurations to identify AP interfaces with active VLAN subinterfaces and avoid changing interface types while VLANs are up. 3) Implement monitoring for kernel logs and system stability indicators on wireless infrastructure devices to detect signs of deadlock or hangs related to wireless interface state changes. 4) Where feasible, restrict local access to devices running vulnerable Linux kernels to trusted administrators only, minimizing the risk of accidental or malicious triggering. 5) Consider deploying redundancy or failover mechanisms for critical wireless access points to maintain availability in case of service disruption. 6) Test wireless interface management procedures in controlled environments before applying changes in production to avoid triggering the deadlock condition.