CVE-2021-47441 is a high-severity vulnerability in the Linux kernel's mlxsw driver, which handles thermal management for Mellanox network devices. The flaw arises because the mlxsw driver permits setting cooling states beyond the maximum cooling state supported by the driver. Specifically, the driver does not properly validate the 'cur_state' value written to the thermal cooling device sysfs interface, allowing values exceeding the 'max_state'. When thermal state transition statistics are enabled (CONFIG_THERMAL_STATISTICS=y), this leads to out-of-bounds memory accesses in the thermal_cooling_device_stats_update function. The vulnerability is a classic buffer over-read/write scenario (CWE-787), where the driver accesses memory beyond allocated bounds due to an unchecked index. This can cause kernel memory corruption, potentially leading to system instability, crashes (denial of service), or elevation of privileges if exploited by a local attacker with limited privileges (PR:L). The vulnerability does not require user interaction (UI:N) but does require local privileges to write to the thermal cooling device interface. The Linux kernel patch reverts a prior commit that tried to interpret invalid cooling states and enforces strict validation to reject cooling states above the maximum supported. The issue was identified in Linux kernel versions including 5.15.0-rc3 and likely affects other versions using the mlxsw driver. The vulnerability has a CVSS v3.1 score of 7.3, reflecting high impact on confidentiality and availability, with limited integrity impact. No known exploits are reported in the wild as of publication. The root cause is a lack of input validation in the mlxsw thermal driver, leading to out-of-bounds memory access and potential kernel memory corruption.

For European organizations, this vulnerability poses a significant risk primarily to systems running Linux kernels with the mlxsw driver enabled, which is common in environments using Mellanox network hardware, such as data centers, cloud providers, and enterprises with high-performance networking infrastructure. Exploitation could allow a local attacker to cause denial of service by crashing the kernel or potentially escalate privileges, compromising system confidentiality and availability. This could lead to disruption of critical network services, data breaches, or lateral movement within networks. Organizations relying on Linux-based network appliances or servers with Mellanox hardware are particularly at risk. Given the high adoption of Linux in European telecom, cloud, and research infrastructures, the vulnerability could impact critical infrastructure and services. However, exploitation requires local access and the ability to write to thermal sysfs interfaces, which may limit remote exploitation but does not eliminate insider threats or attacks via compromised accounts. The absence of known exploits reduces immediate risk but patching is critical to prevent future attacks. The impact on confidentiality is high due to potential kernel memory corruption, which might expose sensitive data. Availability impact is also high due to possible kernel crashes. Integrity impact is lower but cannot be ruled out entirely.

European organizations should implement the following specific mitigation steps: 1) Identify all Linux systems using Mellanox network hardware and verify kernel versions and driver configurations. 2) Apply the official Linux kernel patches that enforce validation of cooling states in the mlxsw driver as soon as they become available from trusted Linux distributions or backport patches if necessary. 3) If patching is delayed, restrict write permissions to the thermal cooling device sysfs interfaces (/sys/class/thermal/thermal_zone*/cdev*/cur_state) to trusted administrators only, preventing unprivileged users from triggering the vulnerability. 4) Monitor system logs for any unusual thermal sysfs writes or kernel warnings related to thermal_cooling_device_stats_update or KASAN slab-out-of-bounds errors. 5) Employ kernel runtime security tools that can detect out-of-bounds memory accesses or anomalous thermal driver behavior. 6) Conduct internal audits to ensure no unauthorized local access exists on critical systems. 7) Educate system administrators about the risk and signs of exploitation attempts. 8) For environments using custom or older kernels, consider backporting the patch or disabling thermal statistics if feasible, as a temporary workaround. These measures go beyond generic advice by focusing on access control to the vulnerable interface, proactive monitoring, and targeted patch management for affected hardware and drivers.