CVE-2021-47439: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work

When the ksz module is installed and removed using rmmod, kernel crashes with null pointer dereference error. During rmmod, ksz_switch_remove function tries to cancel the mib_read_workqueue using cancel_delayed_work_sync routine and unregister switch from dsa.

During dsa_unregister_switch it calls ksz_mac_link_down, which in turn reschedules the workqueue since mib_interval is non-zero. Due to which queue executed after mib_interval and it tries to access dp->slave. But the slave is unregistered in the ksz_switch_remove function. Hence kernel crashes.

To avoid this crash, before canceling the workqueue, reset the mib_interval to 0.

v1 -> v2:
- Removed the if condition in ksz_mib_read_work
AI Analysis
Technical Summary
CVE-2021-47439 is a medium-severity vulnerability in the Linux kernel's Distributed Switch Architecture (DSA) subsystem, specifically affecting the Microchip KSZ switch driver module (ksz). The vulnerability arises during the removal of the ksz kernel module using the rmmod command. When the ksz module is unloaded, the function ksz_switch_remove attempts to cancel a delayed workqueue (mib_read_work) using cancel_delayed_work_sync and unregister the switch from the DSA framework. However, during the unregistration process, the function dsa_unregister_switch calls ksz_mac_link_down, which reschedules the workqueue if mib_interval is non-zero. Since the slave device referenced by dp->slave is already unregistered in ksz_switch_remove, the rescheduled workqueue attempts to access a null pointer, causing a kernel crash due to a null pointer dereference.

The fix implemented resets mib_interval to zero before canceling the workqueue, preventing the rescheduling and subsequent null pointer access. This vulnerability does not affect confidentiality or integrity but impacts system availability by causing kernel crashes (denial of service). The CVSS 3.1 score is 5.5 (medium), reflecting local attack vector, low attack complexity, low privileges required, no user interaction, and impact limited to availability. No known exploits are reported in the wild as of publication.

The vulnerability affects specific Linux kernel versions containing the vulnerable ksz driver code identified by the commit hash 469b390e1ba330e888175e55d78573db2e9a8cb4. This issue is relevant for systems using the Microchip KSZ switch hardware managed by the Linux DSA subsystem, commonly found in embedded devices, industrial equipment, and network appliances running Linux kernels with this driver version.
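The teardown ordering described above can be followed in a small userspace model. This is an added example, not the kernel driver's code: `mib_interval` and the slave pointer follow the names in the advisory, while the struct layout, the `model_*` functions and the interval value 30 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the teardown ordering. Field names follow the advisory;
 * the struct layout and all model_* functions are hypothetical stand-ins. */
struct model_dev {
    unsigned mib_interval;  /* non-zero while periodic MIB reads are enabled */
    bool work_pending;      /* the delayed MIB-read work is queued */
    int *slave;             /* stands in for dp->slave */
};

/* Link-down hook: queues another MIB read while the interval is non-zero. */
static void model_mac_link_down(struct model_dev *d)
{
    if (d->mib_interval)
        d->work_pending = true;
}

/* Stand-in for cancel_delayed_work_sync(): nothing stays queued. */
static void model_cancel_work_sync(struct model_dev *d)
{
    d->work_pending = false;
}

/* Stand-in for dsa_unregister_switch(): link goes down, slave goes away. */
static void model_unregister_switch(struct model_dev *d)
{
    model_mac_link_down(d);
    d->slave = NULL;
}

/* Runs the remove path; returns true if queued work is left with no slave. */
bool model_remove_leaves_stale_work(bool apply_fix)
{
    int port = 0;  /* constructed placeholder for a registered slave */
    struct model_dev d = { .mib_interval = 30, .work_pending = true, .slave = &port };
    if (apply_fix)
        d.mib_interval = 0;       /* fix: link-down can no longer re-queue */
    model_cancel_work_sync(&d);
    model_unregister_switch(&d);  /* without the fix this re-queues the work */
    return d.work_pending && d.slave == NULL;
}

int main(void)
{
    printf("before fix: stale work = %d\n", model_remove_leaves_stale_work(false));
    printf("after fix:  stale work = %d\n", model_remove_leaves_stale_work(true));
    return 0;
}
```

The model never dereferences the cleared pointer; it only reports whether the state that leads to the crash is reachable under each ordering.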
Potential Impact
For European organizations, the primary impact of CVE-2021-47439 is the potential for denial-of-service conditions on Linux-based systems utilizing the Microchip KSZ switch driver. This is particularly relevant for industrial control systems, telecommunications infrastructure, and embedded network devices prevalent in sectors such as manufacturing, energy, and critical infrastructure. A kernel crash triggered by module removal or driver reload could lead to system downtime, disrupting operational technology environments or network connectivity. Although exploitation requires local privileges and is not remotely exploitable, insider threats or compromised administrative accounts could trigger the vulnerability. The impact on confidentiality and integrity is negligible, but availability degradation could affect business continuity and safety-critical operations. European organizations relying on Linux-based embedded systems with this hardware should assess their exposure, especially in environments where system stability is critical and patch deployment cycles are slow due to operational constraints.
Mitigation Recommendations
To mitigate CVE-2021-47439, European organizations should:
1) Apply the latest Linux kernel patches that include the fix resetting mib_interval to zero before canceling the workqueue in the ksz driver. This is the definitive remediation.
2) Identify and inventory all systems running Linux kernels with the vulnerable ksz driver version, focusing on embedded devices and network appliances using Microchip KSZ switches.
3) Avoid unloading or reloading the ksz kernel module on production systems until patched, as the vulnerability triggers during module removal.
4) Implement strict access controls and monitoring to limit local administrative access to trusted personnel only, reducing the risk of accidental or malicious triggering of the vulnerability.
5) For systems where patching is delayed, consider isolating affected devices from critical networks or implementing redundancy to minimize impact from potential crashes.
6) Monitor kernel logs and system stability metrics for signs of unexpected crashes related to the ksz driver.
7) Engage with hardware and Linux distribution vendors to ensure timely updates and support for affected devices.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-21T14:58:30.831Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe9138
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 1:10:41 PM
Last updated: 8/4/2025, 7:04:03 PM