CVE-2021-47289 is a vulnerability identified in the Linux kernel's ACPI (Advanced Configuration and Power Interface) subsystem. The issue arises from improper handling of NULL pointers in the function acpi_dev_put(), which is called during reference counting operations in for_each_acpi_dev_match(). Specifically, a commit (71f642833284) introduced a scenario where acpi_dev_put() could be called with a NULL pointer. The function was not originally designed to handle NULL pointers, leading to a NULL pointer dereference when put_device() is invoked with an invalid offset derived from the NULL pointer. This results in a kernel crash (denial of service) due to the kernel's inability to safely manage the NULL pointer. The fix implemented makes acpi_dev_put() silently accept NULL pointers without further dereferencing, preventing the kernel panic. The vulnerability affects Linux kernel versions prior to the patch and is related to internal kernel reference counting and device management in the ACPI subsystem. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet.

The primary impact of CVE-2021-47289 is a potential denial of service (DoS) condition caused by a kernel panic triggered by a NULL pointer dereference. For European organizations running Linux-based systems, especially those using ACPI for power management on laptops, servers, or embedded devices, this vulnerability could lead to unexpected system crashes. This can disrupt critical services, cause data loss due to abrupt shutdowns, and reduce system availability. While the vulnerability does not appear to allow privilege escalation or remote code execution, the DoS impact can be significant in environments requiring high availability, such as financial institutions, healthcare providers, and industrial control systems prevalent in Europe. Since the vulnerability is in the kernel, exploitation could affect any user or process triggering the vulnerable code path, potentially impacting multi-user systems and cloud environments. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or targeted triggering of the flaw.

To mitigate CVE-2021-47289, European organizations should prioritize applying the official Linux kernel patches that address the NULL pointer dereference in the ACPI subsystem. Kernel updates should be tested and deployed promptly, especially on systems where ACPI is actively used. Organizations should audit their Linux kernel versions and ensure they are running a version that includes the fix. For environments where immediate patching is challenging, consider implementing kernel-level monitoring to detect and alert on kernel panics or crashes related to ACPI operations. Additionally, restricting untrusted user access and minimizing the attack surface by disabling unnecessary ACPI features or modules where feasible can reduce the likelihood of triggering the vulnerability. System administrators should also maintain robust backup and recovery procedures to mitigate the impact of unexpected system crashes. Finally, monitoring vendor advisories and Linux kernel mailing lists for any emerging exploit information is recommended.