CVE-2021-47365: Vulnerability in Linux Linux

Medium
Published: Tue May 21 2024 (05/21/2024, 15:03:32 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix page leak

There's a loop in afs_extend_writeback() that adds extra pages to a write we want to make to improve the efficiency of the writeback by making it larger. This loop stops, however, if we hit a page we can't write back from immediately, but it doesn't get rid of the page ref we speculatively acquired.

This was caused by the removal of the cleanup loop when the code switched from using find_get_pages_contig() to xarray scanning as the latter only gets a single page at a time, not a batch.

Fix this by putting the page on a ref on an early break from the loop. Unfortunately, we can't just add that page to the pagevec we're employing as we'll go through that and add those pages to the RPC call.

This was found by the generic/074 test. It leaks ~4GiB of RAM each time it is run - which can be observed with "top".

AI-Powered Analysis

AI analysis last updated: 06/30/2025, 11:58:24 UTC

Technical Analysis

CVE-2021-47365 is a vulnerability in the Linux kernel's AFS (Andrew File System) implementation, specifically in the afs_extend_writeback() function. It is a page reference leak caused by a logic error in how pages are handled during writeback. The function tries to make writeback more efficient by extending the batch of pages to write; when it encounters a page that cannot be written back immediately, the loop breaks early but does not release the speculative reference it took on that page. The leaked references pin memory and consumption grows over time, as shown by the generic/074 test, which leaks approximately 4 GiB of RAM per run.

The root cause is a code refactor: the cleanup loop was removed when the code switched from find_get_pages_contig(), which retrieved pages in batches, to xarray scanning, which retrieves pages one at a time. The fix drops the page reference on early loop exit without adding the page to the pagevec used for RPC calls, which prevents the leak.

This vulnerability does not directly enable code execution or privilege escalation, but the memory leak can degrade system performance and potentially lead to denial of service (DoS) through resource exhaustion. No known exploits are currently reported in the wild, and the vulnerability affects specific Linux kernel versions identified by commit hashes. The issue is primarily relevant to systems running the affected Linux kernel versions with AFS enabled and actively used.
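The leak pattern described above, as an added user-space model rather than kernel code or the upstream patch: `struct model_page`, `extend_writeback()` and `leaked_refs()` are hypothetical names, and the four-page range is constructed sample input. It shows why a page that is referenced speculatively but never reaches the batch must be released at the break itself.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space stand-in for a page-cache page (not struct page). */
struct model_page {
    int refcount; /* references currently held */
    bool busy;    /* cannot be written back right now */
};

/* Extend a write one page at a time. Accepted pages go into batch[] and keep
 * their ref until the write completes. put_on_break selects the fixed (true)
 * or leaky (false) handling of the early break. Returns pages batched. */
static size_t extend_writeback(struct model_page *pages, size_t n,
                               struct model_page **batch, bool put_on_break)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        struct model_page *p = &pages[i];
        p->refcount++;               /* speculative ref */
        if (p->busy) {
            if (put_on_break)
                p->refcount--;       /* the fix: put the ref before breaking */
            break;                   /* page never reaches batch[] */
        }
        batch[count++] = p;
    }
    return count;
}

/* One pass over a constructed 4-page range; returns refs left over afterwards. */
static int leaked_refs(bool put_on_break)
{
    struct model_page pages[4] = { {1, false}, {1, false}, {1, true}, {1, false} };
    struct model_page *batch[4];
    size_t n = extend_writeback(pages, 4, batch, put_on_break);
    int leaked = 0;

    for (size_t i = 0; i < n; i++)
        batch[i]->refcount--;        /* write completion releases batched pages */
    for (size_t i = 0; i < 4; i++)
        leaked += pages[i].refcount - 1; /* 1 = the page cache's own ref */
    return leaked;
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n", leaked_refs(false), leaked_refs(true));
    return 0;
}
```

In the model, each pass that stops at a busy page strands one reference, so the leak scales with how often writeback hits such a page rather than with the amount of data written.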

Potential Impact

For European organizations, the impact of CVE-2021-47365 depends largely on their use of Linux systems with AFS enabled. Organizations relying on Linux servers for critical infrastructure, file sharing, or networked storage that utilize AFS could experience significant memory leaks leading to degraded system performance or crashes. This could disrupt business operations, especially in sectors such as telecommunications, research institutions, and enterprises with legacy AFS deployments. The memory leak could cause denial of service conditions, forcing unplanned downtime or requiring system reboots, impacting availability and operational continuity. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact can be severe in environments with high workloads or limited memory resources. European organizations with large-scale Linux deployments or those in industries with stringent uptime requirements should be particularly cautious. Additionally, the leak could complicate incident response and forensic analysis by masking other issues due to resource exhaustion.

Mitigation Recommendations

To mitigate CVE-2021-47365, organizations should:

1) Identify and inventory Linux systems running affected kernel versions with AFS enabled.
2) Apply the official patches or kernel updates that address this vulnerability as soon as they become available from trusted Linux distribution maintainers or upstream sources.
3) If immediate patching is not feasible, consider disabling AFS or limiting its usage to reduce exposure.
4) Monitor system memory usage closely on affected systems to detect abnormal increases that may indicate the leak is occurring.
5) Implement automated alerts for unusual memory consumption patterns to enable rapid response.
6) Conduct regular kernel updates and maintain a robust patch management process to prevent similar issues.
7) For critical systems, consider deploying redundancy and failover mechanisms to minimize downtime in case of memory exhaustion.
8) Engage with Linux vendor support channels for guidance on backporting fixes if using long-term support kernels.

These steps go beyond generic advice by focusing on AFS-specific configurations and proactive monitoring tailored to the nature of this leak.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T14:58:30.809Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9833c4522896dcbe8f32

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 11:58:24 AM

Last updated: 8/1/2025, 7:26:14 AM
