CVE-2021-47342: Vulnerability in Linux Linux

Medium
Published: Tue May 21 2024 (05/21/2024, 14:35:49 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix possible UAF when remounting r/o a mmp-protected file system

After commit 618f003199c6 ("ext4: fix memory leak in ext4_fill_super"), after the file system is remounted read-only, there is a race where the kmmpd thread can exit, causing sbi->s_mmp_tsk to point at freed memory, which the call to ext4_stop_mmpd() can trip over.

Fix this by only allowing kmmpd() to exit when it is stopped via ext4_stop_mmpd().

Bug-Report-Link: <20210629143603.2166962-1-yebin10@huawei.com>

AI-Powered Analysis

Last updated: 06/26/2025, 10:37:53 UTC

Technical Analysis

CVE-2021-47342 is a vulnerability in the Linux kernel's ext4 filesystem implementation. Specifically, it concerns a use-after-free (UAF) condition that can occur when remounting an ext4 filesystem as read-only (r/o) if the filesystem is protected by multi-mount protection (mmp). The issue arises after a previous fix (commit 618f003199c6) that addressed a memory leak in ext4_fill_super. When the filesystem is remounted read-only, a race condition can occur where the kmmpd kernel thread, responsible for mmp functionality, may exit prematurely. This premature exit causes the sbi->s_mmp_tsk pointer to reference freed memory. Subsequently, when ext4_stop_mmpd() is called, it may attempt to access this invalid pointer, leading to a use-after-free scenario. This can cause kernel instability, including potential crashes or memory corruption. The fix implemented ensures that the kmmpd thread only exits when explicitly stopped via ext4_stop_mmpd(), preventing the race condition and eliminating the use-after-free risk. This vulnerability is rooted in kernel-level memory management and threading synchronization within the ext4 filesystem code. No known exploits are reported in the wild, and the vulnerability requires remounting the filesystem as read-only under mmp protection, which is a relatively specific operational scenario.

Potential Impact

For European organizations, the impact of CVE-2021-47342 depends largely on their use of Linux systems with ext4 filesystems configured with multi-mount protection and the practice of remounting filesystems as read-only. Exploitation could lead to kernel crashes or memory corruption, potentially causing denial of service (DoS) conditions on critical servers or infrastructure. This could disrupt services, especially in environments relying on Linux for web servers, file servers, or other critical infrastructure. While the vulnerability does not appear to allow privilege escalation or arbitrary code execution directly, the resulting instability could be leveraged in multi-stage attacks or cause operational downtime. Organizations running containerized environments or cloud services on Linux with ext4 filesystems might also be affected if they perform remount operations under these conditions. Given the kernel-level nature, the impact on confidentiality and integrity is limited unless combined with other vulnerabilities, but availability is at risk. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or targeted triggering of the flaw.

Mitigation Recommendations

European organizations should promptly apply the Linux kernel patches that address CVE-2021-47342 as provided by their Linux distribution vendors. Since this vulnerability involves a race condition during remounting of ext4 filesystems with mmp protection, organizations should audit their systems to identify if and where such configurations exist. Specifically, they should:

1) Avoid unnecessary remounting of ext4 filesystems as read-only, especially in production environments.
2) Disable multi-mount protection if it is not required for their use case, reducing the attack surface.
3) Implement kernel update policies that ensure timely deployment of security patches, including for kernel subsystems like filesystems.
4) Monitor system logs for kernel warnings or crashes related to ext4 or mmp threads, which might indicate attempts to trigger the vulnerability.
5) For critical systems, consider additional kernel hardening and runtime protections that can detect or prevent use-after-free conditions.
6) Test patches in staging environments to ensure stability before wide deployment, as kernel updates can affect system behavior.

These steps go beyond generic advice by focusing on the specific operational conditions that enable exploitation and emphasizing configuration review and operational best practices.
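For the configuration audit described above, the following added example (not part of the advisory or of the kernel project) lists mounted ext4 filesystems whose superblock carries the `mmp` feature, as reported on the "Filesystem features:" line of `dumpe2fs -h`. The function names and the sample header text are constructed for illustration; the live audit assumes `dumpe2fs` is installed and the caller can read the block devices.

```shell
#!/bin/sh
# Added example: find mounted ext4 filesystems with multi-mount protection.

# has_mmp: reads `dumpe2fs -h` output on stdin and succeeds only if "mmp"
# appears as a whole word on the "Filesystem features:" line.
has_mmp() {
    awk -F: '/^Filesystem features:/ {
        n = split($2, f, /[ \t]+/)
        for (i = 1; i <= n; i++) if (f[i] == "mmp") found = 1
    } END { exit !found }'
}

# ext4_mounts: reads /proc/mounts-format text on stdin and prints
# "device mountpoint options" for every ext4 entry.
ext4_mounts() {
    awk '$3 == "ext4" { print $1, $2, $4 }'
}

# sample_header: constructed excerpt of a dumpe2fs header, for offline checks.
sample_header() {
    cat <<'EOF'
Filesystem volume name:   <none>
Filesystem features:      has_journal ext_attr extent 64bit flex_bg mmp
Filesystem state:         clean
EOF
}

# audit_mmp: reports each mounted ext4 filesystem that has MMP enabled,
# with its current mount options (rw/ro) so remount practice can be reviewed.
audit_mmp() {
    ext4_mounts < /proc/mounts | while read -r dev mnt opts; do
        if dumpe2fs -h "$dev" 2>/dev/null | has_mmp; then
            echo "MMP enabled: $dev on $mnt ($opts)"
        fi
    done
}

# Run the live audit only when asked, so the functions can be sourced safely.
if [ "${1:-}" = "--audit" ]; then
    audit_mmp
fi
```

Run it with `--audit` on each host; filesystems it reports are the ones where the read-only remount path discussed above applies until the kernel is patched.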

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T14:28:16.979Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9835c4522896dcbea4df

Added to database: 5/21/2025, 9:09:09 AM

Last enriched: 6/26/2025, 10:37:53 AM

Last updated: 8/15/2025, 3:12:13 AM
