CVE-2021-47346 is a vulnerability identified in the Linux kernel, specifically within the coresight subsystem's tmc-etf component. The issue arises from an out-of-bounds read in the function tmc_update_etf_buffer(). This function improperly accesses the barrier_pkt array beyond its allocated size due to a missing boundary check. The vulnerability was introduced after a commit (6f755e85c332) that removed a trailing '\0' from the barrier_pkt array and updated related functions to include proper size checks, but failed to update tmc_update_etf_buffer() accordingly. As a result, tmc_update_etf_buffer() reads 4 bytes past the array boundary, triggering a Kernel Address Sanitizer (KASAN) global out-of-bounds error. The flaw can cause kernel memory corruption or crashes when the perf subsystem interacts with the coresight tracing infrastructure, particularly during event stopping or deletion operations. The detailed call trace shows the error occurs during perf event scheduling and execution, indicating that performance monitoring tools or kernel tracing utilities that use this code path are affected. The vulnerability affects multiple versions of the Linux kernel identified by the same commit hash, indicating a persistent issue until patched. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability primarily impacts kernel stability and memory safety, potentially leading to denial of service or information disclosure under certain conditions.

For European organizations, this vulnerability poses a risk primarily to systems running vulnerable Linux kernel versions with the coresight tmc-etf component enabled. This includes servers, embedded devices, and workstations that utilize Linux for performance monitoring or tracing. Exploitation could lead to kernel crashes, causing denial of service and potential disruption of critical services. In environments where Linux kernels are used extensively, such as cloud providers, telecommunications infrastructure, and industrial control systems, this could impact availability and operational continuity. Although no active exploits are known, the vulnerability's presence in the kernel could be leveraged by attackers with local access or through malicious perf event configurations to destabilize systems or gain insights into kernel memory layout, potentially aiding further attacks. European organizations relying on Linux-based infrastructure for critical operations should consider this vulnerability seriously, especially those in sectors like finance, healthcare, and government where uptime and data integrity are paramount.

1. Apply the official Linux kernel patches that fix the out-of-bounds read in tmc_update_etf_buffer() as soon as they become available from trusted Linux distribution vendors or upstream kernel sources. 2. Disable or restrict usage of the coresight tmc-etf component and related perf event tracing features if they are not required, reducing the attack surface. 3. Implement strict access controls to limit which users or processes can invoke perf events or kernel tracing functionalities, preventing unprivileged exploitation attempts. 4. Monitor kernel logs and system behavior for signs of KASAN reports or unexpected kernel crashes related to perf events, enabling early detection of exploitation attempts. 5. For embedded or specialized Linux systems, ensure that kernel versions are regularly updated and that custom kernels incorporate the patch. 6. Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and Kernel Page Table Isolation (KPTI) to mitigate potential exploitation impact. 7. Coordinate with Linux distribution maintainers and security teams to track patch releases and vulnerability disclosures to maintain timely updates.