CVE-2021-47242: Vulnerability in the Linux kernel

Severity: High
Published: Tue May 21 2024 (05/21/2024, 14:19:41 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix soft lookup in subflow_error_report()

Maxim reported a soft lockup in subflow_error_report():

    watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0]
    RIP: 0010:native_queued_spin_lock_slowpath
    RSP: 0018:ffffa859c0003bc0 EFLAGS: 00000202
    RAX: 0000000000000101 RBX: 0000000000000001 RCX: 0000000000000000
    RDX: ffff9195c2772d88 RSI: 0000000000000000 RDI: ffff9195c2772d88
    RBP: ffff9195c2772d00 R08: 00000000000067b0 R09: c6e31da9eb1e44f4
    R10: ffff9195ef379700 R11: ffff9195edb50710 R12: ffff9195c2772d88
    R13: ffff9195f500e3d0 R14: ffff9195ef379700 R15: ffff9195ef379700
    FS: 0000000000000000(0000) GS:ffff91961f400000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 000000c000407000 CR3: 0000000002988000 CR4: 00000000000006f0
    Call Trace:
     <IRQ>
     _raw_spin_lock_bh
     subflow_error_report
     mptcp_subflow_data_available
     __mptcp_move_skbs_from_subflow
     mptcp_data_ready
     tcp_data_queue
     tcp_rcv_established
     tcp_v4_do_rcv
     tcp_v4_rcv
     ip_protocol_deliver_rcu
     ip_local_deliver_finish
     __netif_receive_skb_one_core
     netif_receive_skb
     rtl8139_poll 8139too
     __napi_poll
     net_rx_action
     __do_softirq
     __irq_exit_rcu
     common_interrupt
     </IRQ>

The calling function - mptcp_subflow_data_available() - can be invoked from different contexts:
- plain ssk socket lock
- ssk socket lock + mptcp_data_lock
- ssk socket lock + mptcp_data_lock + msk socket lock.

Since subflow_error_report() tries to acquire the mptcp_data_lock, the latter two call chains will cause soft lockup.

This change addresses the issue moving the error reporting call to outer functions, where the held locks list is known and we can acquire only the needed one.

AI-Powered Analysis

Last updated: 07/05/2025, 09:55:23 UTC

Technical Analysis

CVE-2021-47242 is a high-severity vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation. The issue arises from improper locking in subflow_error_report(), which is part of the MPTCP subflow error handling mechanism. subflow_error_report() attempts to acquire the mptcp_data_lock, but its caller, mptcp_subflow_data_available(), can run in contexts that already hold that lock (ssk socket lock + mptcp_data_lock, with or without the msk socket lock). Trying to acquire a lock that is already held in the current call stack is a classic concurrency problem: the CPU spins on the lock, producing a soft lockup in which it is stuck for an extended period (22 seconds in the reported trace). The vulnerability is categorized under CWE-667 (Improper Locking).

The fix moved the error reporting call to outer functions where the held locks are known, so that the kernel acquires only the necessary lock and avoids the deadlock. The vulnerability affects specific Linux kernel versions identified by commit hashes and impacts systems using MPTCP, a protocol extension that allows multiple TCP paths for a single connection to improve redundancy and throughput.

The CVSS v3.1 score is 7.8 (high), with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, user interaction needed, unchanged scope, and high impact on confidentiality, integrity, and availability. No known exploits are reported in the wild as of the publication date (May 21, 2024).
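
The locking pattern described above, as an added user-space model (not kernel code and not the upstream patch). All function, type and constant names are hypothetical; the lock is modelled as a flag so that re-acquisition is reported instead of spinning.

```c
/* Added illustration: user-space model of the lock contexts in the description.
 * Every name here is a hypothetical stand-in, not the kernel's own code. */
#include <stdbool.h>
#include <stdio.h>

enum ctx { CTX_SSK, CTX_SSK_DATA, CTX_SSK_DATA_MSK }; /* the three call contexts */
struct msk { bool data_lock_held; int sk_err; };
#define SAMPLE_ERR 104 /* constructed error value */

/* Non-recursive lock model: taking it while already held would spin forever
 * in the kernel (the soft lockup); here it returns false so it can be observed. */
static bool data_lock(struct msk *m) {
    if (m->data_lock_held) return false;
    m->data_lock_held = true;
    return true;
}
static void data_unlock(struct msk *m) { m->data_lock_held = false; }

/* Pre-fix shape: the inner reporter always takes the data lock. */
static bool report_buggy(struct msk *m, int err) {
    if (!data_lock(m)) return false;
    m->sk_err = err;
    data_unlock(m);
    return true;
}

/* Post-fix shape: the outer caller knows what it holds and locks only if needed. */
static bool report_fixed(struct msk *m, enum ctx c, int err) {
    bool need_lock = (c == CTX_SSK);
    if (need_lock && !data_lock(m)) return false;
    m->sk_err = err;
    if (need_lock) data_unlock(m);
    return true;
}

/* True when the error was recorded without re-taking a lock the context holds. */
bool run(enum ctx c, bool fixed) {
    struct msk m = { .data_lock_held = (c != CTX_SSK), .sk_err = 0 };
    bool ok = fixed ? report_fixed(&m, c, SAMPLE_ERR) : report_buggy(&m, SAMPLE_ERR);
    return ok && m.sk_err == SAMPLE_ERR;
}

int main(void) {
    for (int c = CTX_SSK; c <= CTX_SSK_DATA_MSK; c++)
        printf("ctx %d: pre-fix=%s post-fix=%s\n", c,
               run((enum ctx)c, false) ? "ok" : "LOCKUP",
               run((enum ctx)c, true) ? "ok" : "LOCKUP");
    return 0;
}
```
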

Potential Impact

For European organizations, this vulnerability poses a significant risk primarily to systems running Linux kernels with MPTCP enabled or in use. MPTCP is increasingly adopted in environments requiring high availability and network resilience, such as data centers, cloud infrastructure, telecom networks, and critical industrial systems. Exploitation could lead to denial of service via CPU soft lockups, severely impacting system availability and potentially causing service outages. The high impact on confidentiality and integrity suggests that attackers could leverage this vulnerability to disrupt or manipulate network traffic, possibly affecting sensitive communications. Given the widespread use of Linux in European enterprises, government agencies, and critical infrastructure, the vulnerability could affect a broad range of sectors including finance, healthcare, telecommunications, and manufacturing. The requirement for local access and user interaction somewhat limits remote exploitation but insider threats or compromised user accounts could still trigger the issue. The vulnerability could also be leveraged as part of a multi-stage attack to escalate privileges or disrupt network operations.

Mitigation Recommendations

European organizations should prioritize patching affected Linux kernel versions by applying the official fixes that move the error reporting call to safer contexts with proper lock acquisition. System administrators must audit their environments to identify Linux systems running affected kernel versions with MPTCP enabled. Disabling MPTCP where it is not required can reduce the attack surface. Monitoring system logs for soft lockup warnings or unusual CPU stalls can help detect exploitation attempts. Implement strict access controls to limit local user permissions and reduce the risk of malicious or accidental triggering of the vulnerability. Network segmentation and endpoint protection can further contain potential impacts. For critical systems, consider deploying kernel live patching solutions to minimize downtime during remediation. Additionally, educating users about the risks of executing untrusted code or commands locally can reduce the likelihood of user interaction-based exploitation.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-04-10T18:59:19.532Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9819c4522896dcbd8e13

Added to database: 5/21/2025, 9:08:41 AM

Last enriched: 7/5/2025, 9:55:23 AM

Last updated: 8/17/2025, 12:03:07 PM
