CVE-2021-47240: Vulnerability in Linux Linux

High
Published: Tue May 21 2024 (05/21/2024, 14:19:40 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: fix OOB Read in qrtr_endpoint_post

Syzbot reported slab-out-of-bounds Read in qrtr_endpoint_post. The problem was in wrong _size_ type:

    if (len != ALIGN(size, 4) + hdrlen)
        goto err;

If size from qrtr_hdr is 4294967293 (0xfffffffd), the result of ALIGN(size, 4) will be 0. In case of len == hdrlen and size == 4294967293 in header this check won't fail and

    skb_put_data(skb, data + hdrlen, size);

will read out of bound from data, which is hdrlen allocated block.

AI-Powered Analysis

Last updated: 06/26/2025, 14:37:35 UTC

Technical Analysis

CVE-2021-47240 is a vulnerability in the Linux kernel's QRTR (Qualcomm IPC Router) networking component. The flaw is an out-of-bounds (OOB) read in the function qrtr_endpoint_post, caused by the type used for the size value taken from the QRTR header, which defeats the length check. When the size field in the header is 0xfffffffd (4294967293), rounding it up to a multiple of 4 overflows, so ALIGN(size, 4) evaluates to zero. The check `len != ALIGN(size, 4) + hdrlen`, which is meant to reject packets whose length does not match the header, therefore does not fail when len equals hdrlen. skb_put_data then copies size bytes starting at data + hdrlen, reading past the end of a block that is only hdrlen bytes long. This memory safety issue can potentially expose kernel memory contents or cause kernel instability. The vulnerability was reported by Syzbot and has been addressed in recent Linux kernel updates. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
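The wrap described above, as an added user-space model that is not the kernel's code or its patch: it evaluates the length check once with a 32-bit size and once with the value widened before rounding. The function names, the header length of 32 and the use of uint64_t for the widened type are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Round up to a multiple of 4 in the operand's own width, as ALIGN(size, 4)
 * does for a variable of that type. */
static uint32_t align4_u32(uint32_t x) { return (x + 3u) & ~(uint32_t)3; }
static uint64_t align4_u64(uint64_t x) { return (x + 3u) & ~(uint64_t)3; }

/* Flawed form: size kept in 32 bits, so the rounding wraps modulo 2^32.
 * Returns 1 when "len != ALIGN(size, 4) + hdrlen" would NOT reject. */
static int accepts_u32(size_t len, size_t hdrlen, uint32_t size)
{
    return len == (size_t)align4_u32(size) + hdrlen;
}

/* Hardened model (assumption: a 64-bit size variable): widen before
 * rounding so that the sum cannot wrap for any 32-bit header value. */
static int accepts_wide(size_t len, size_t hdrlen, uint32_t size)
{
    return (uint64_t)len == align4_u64((uint64_t)size) + hdrlen;
}

/* Bytes a copy of `size` bytes from data + hdrlen would read past the end
 * of a len-byte block. */
static uint64_t oob_bytes(size_t len, size_t hdrlen, uint32_t size)
{
    uint64_t end = (uint64_t)hdrlen + size;
    return end > len ? end - len : 0;
}

int main(void)
{
    const size_t hdrlen = 32;          /* constructed sample header length */
    const uint32_t bad = 0xfffffffdu;  /* value from the description */

    printf("align4_u32(bad) = %u\n", (unsigned)align4_u32(bad));
    printf("32-bit check accepts len == hdrlen: %d\n", accepts_u32(hdrlen, hdrlen, bad));
    printf("widened check accepts it:           %d\n", accepts_wide(hdrlen, hdrlen, bad));
    printf("bytes past the block:               %llu\n",
           (unsigned long long)oob_bytes(hdrlen, hdrlen, bad));
    return 0;
}
```

Well-formed packets pass both forms of the check; only the wrapping value separates them, which is why the flaw surfaced through fuzzing rather than normal traffic.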

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running vulnerable Linux kernel versions with QRTR enabled, which is common in embedded devices, IoT, and certain networking equipment using Qualcomm chipsets. Exploitation could lead to information disclosure through kernel memory leakage or cause denial of service by crashing the kernel. Confidentiality could be compromised if sensitive kernel memory is exposed. Integrity and availability could also be affected if the system crashes or behaves unpredictably. Given the widespread use of Linux in servers, industrial control systems, and telecommunications infrastructure across Europe, this vulnerability could impact critical infrastructure and enterprise environments. However, exploitation requires crafted packets targeting the QRTR interface, which may limit the attack surface to local or network-adjacent attackers with access to the vulnerable subsystem.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched. Since the vulnerability is in the QRTR component, organizations should audit their systems to identify if QRTR is in use, especially on devices with Qualcomm chipsets or embedded Linux systems. If QRTR is not required, disabling or unloading the QRTR kernel module can reduce exposure. Network segmentation and strict access controls should be enforced to limit access to vulnerable devices. Monitoring for unusual kernel crashes or anomalous network traffic targeting QRTR endpoints can help detect exploitation attempts. Additionally, organizations should maintain an inventory of embedded and IoT devices running Linux to ensure timely patching and mitigate risks from less visible endpoints.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-04-10T18:59:19.532Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9835c4522896dcbea177

Added to database: 5/21/2025, 9:09:09 AM

Last enriched: 6/26/2025, 2:37:35 PM

Last updated: 8/14/2025, 11:53:00 PM
