CVE-2021-47327: Vulnerability in Linux Linux

High
Published: Tue May 21 2024 (05/21/2024, 14:35:39 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails

arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0.

The reference counting issue happens in some error handling paths of arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get() fails, the caller functions forget to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak.

Fix this issue by calling pm_runtime_resume_and_get() instead of pm_runtime_get_sync() in arm_smmu_rpm_get(), which can keep the refcount balanced in case of failure.

AI-Powered Analysis

Last updated: 07/03/2025, 06:11:05 UTC

Technical Analysis

CVE-2021-47327 is a vulnerability identified in the Linux kernel specifically related to the ARM System Memory Management Unit (SMMU) driver, which manages input-output memory management units (IOMMU) on ARM platforms. The issue arises from a reference count leak in the arm_smmu_device component when the function arm_smmu_rpm_get() fails. This function calls pm_runtime_get_sync(), which increments the reference count of the "smmu" device even if the function returns an error (a negative value). The caller functions of arm_smmu_rpm_get() do not properly decrement this reference count in error scenarios, leading to a leak. Over time, this leak can cause resource exhaustion, potentially resulting in denial of service (DoS) conditions due to the inability to properly manage device power states or memory mappings. The fix involves replacing pm_runtime_get_sync() with pm_runtime_resume_and_get() in arm_smmu_rpm_get(), which correctly balances the reference count even when failures occur. This vulnerability is classified under CWE-911 (Improper Release of Memory Before Removing Last Reference) and has a CVSS v3.1 score of 7.1 (high severity), reflecting its significant impact on confidentiality and availability without requiring user interaction but needing low privileges and local access. No known exploits are reported in the wild as of the publication date (May 21, 2024).
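The refcount behaviour described above can be reproduced with a small userspace model. This is an added example, not kernel code and not part of the upstream patch; the `model_*` names, the `resume_fails` knob and the `caller()` shape are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
/* Constructed userspace model of the runtime-PM usage counter; not kernel code. */
struct model_dev {
    int usage_count;   /* stands in for the device's runtime-PM usage count */
    int resume_fails;  /* constructed knob: make the resume step fail */
};
typedef int (*rpm_get_fn)(struct model_dev *);

/* Models pm_runtime_get_sync(): count is raised first and stays raised on error. */
static int model_get_sync(struct model_dev *d)
{
    d->usage_count++;
    return d->resume_fails ? -EIO : 0;
}

/* Models pm_runtime_resume_and_get(): drops the count again when resume fails. */
static int model_resume_and_get(struct model_dev *d)
{
    int ret = model_get_sync(d);
    if (ret < 0)
        d->usage_count--;   /* the balancing put on the error path */
    return ret < 0 ? ret : 0;
}

/* Caller shaped like the ones in the description: returns on error without a put. */
static int caller(struct model_dev *d, rpm_get_fn rpm_get)
{
    int ret = rpm_get(d);
    if (ret < 0)
        return ret;         /* balanced only if rpm_get cleaned up itself */
    d->usage_count--;       /* success path: models the matching rpm put */
    return 0;
}

/* Leftover usage count after n calls; a non-zero result is the leak. */
static int leaked_after(int n, int fails, rpm_get_fn rpm_get)
{
    struct model_dev d = { 0, fails };
    for (int i = 0; i < n; i++)
        caller(&d, rpm_get);
    return d.usage_count;
}
int main(void)
{
    printf("get_sync: %d leaked, resume_and_get: %d leaked\n",
           leaked_after(5, 1, model_get_sync), leaked_after(5, 1, model_resume_and_get));
    return 0;
}
```

In the model, every failed call through the `get_sync`-style helper leaves one reference behind, while the `resume_and_get`-style helper leaves the counter at zero with the caller unchanged.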

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels on ARM-based hardware that utilize the ARM SMMU driver, such as certain embedded systems, IoT devices, and ARM servers. The reference count leak can lead to resource exhaustion, causing system instability or denial of service, which could disrupt critical services or infrastructure operations. Confidentiality impact is high because improper management of memory and device states could potentially be leveraged in complex attack chains to access sensitive data, although direct exploitation for data breach is less likely. The availability impact is high due to the potential for system crashes or degraded performance. European sectors relying on ARM-based Linux systems in telecommunications, industrial control, or cloud edge computing could be particularly affected. Given the local access requirement and low complexity of exploitation, insider threats or attackers with limited system access could trigger the vulnerability, emphasizing the need for timely patching in environments with multi-tenant or shared access.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel versions to include the patch that replaces pm_runtime_get_sync() with pm_runtime_resume_and_get() in the arm_smmu_rpm_get() function. Since the vulnerability affects the kernel level, kernel upgrades distributed by Linux distributions (e.g., Debian, Ubuntu, Red Hat, SUSE) should be applied promptly. For embedded or custom ARM Linux systems, vendors should be contacted to obtain updated firmware or kernel patches. Additionally, organizations should audit systems running ARM-based Linux kernels to identify vulnerable versions and restrict local access to trusted users only. Implementing strict access controls and monitoring for unusual resource usage or device power state anomalies can help detect exploitation attempts. Employing runtime integrity checking and kernel security modules (e.g., SELinux, AppArmor) may provide additional defense layers. Finally, organizations should maintain an inventory of ARM-based Linux systems to ensure comprehensive coverage of patching efforts.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T14:28:16.975Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9835c4522896dcbea465

Added to database: 5/21/2025, 9:09:09 AM

Last enriched: 7/3/2025, 6:11:05 AM

Last updated: 7/31/2025, 11:54:32 PM
