CVE-2021-47508: Vulnerability in Linux Linux

Medium
Published: Fri May 24 2024 (05/24/2024, 15:01:54 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: free exchange changeset on failures

Fstests runs on my VMs have shown several kmemleak reports like the following.

    unreferenced object 0xffff88811ae59080 (size 64):
      comm "xfs_io", pid 12124, jiffies 4294987392 (age 6.368s)
      hex dump (first 32 bytes):
        00 c0 1c 00 00 00 00 00 ff cf 1c 00 00 00 00 00  ................
        90 97 e5 1a 81 88 ff ff 90 97 e5 1a 81 88 ff ff  ................
      backtrace:
        [<00000000ac0176d2>] ulist_add_merge+0x60/0x150 [btrfs]
        [<0000000076e9f312>] set_state_bits+0x86/0xc0 [btrfs]
        [<0000000014fe73d6>] set_extent_bit+0x270/0x690 [btrfs]
        [<000000004f675208>] set_record_extent_bits+0x19/0x20 [btrfs]
        [<00000000b96137b1>] qgroup_reserve_data+0x274/0x310 [btrfs]
        [<0000000057e9dcbb>] btrfs_check_data_free_space+0x5c/0xa0 [btrfs]
        [<0000000019c4511d>] btrfs_delalloc_reserve_space+0x1b/0xa0 [btrfs]
        [<000000006d37e007>] btrfs_dio_iomap_begin+0x415/0x970 [btrfs]
        [<00000000fb8a74b8>] iomap_iter+0x161/0x1e0
        [<0000000071dff6ff>] __iomap_dio_rw+0x1df/0x700
        [<000000002567ba53>] iomap_dio_rw+0x5/0x20
        [<0000000072e555f8>] btrfs_file_write_iter+0x290/0x530 [btrfs]
        [<000000005eb3d845>] new_sync_write+0x106/0x180
        [<000000003fb505bf>] vfs_write+0x24d/0x2f0
        [<000000009bb57d37>] __x64_sys_pwrite64+0x69/0xa0
        [<000000003eba3fdf>] do_syscall_64+0x43/0x90

In case btrfs_qgroup_reserve_data() or btrfs_delalloc_reserve_metadata() fail the allocated extent_changeset will not be freed.

So in btrfs_check_data_free_space() and btrfs_delalloc_reserve_space() free the allocated extent_changeset to get rid of the allocated memory.

The issue currently only happens in the direct IO write path, but only after 65b3c08606e5 ("btrfs: fix ENOSPC failure when attempting direct IO write into NOCOW range"), and also at defrag_one_locked_target(). Every other place is always calling extent_changeset_free() even if its call to btrfs_delalloc_reserve_space() or btrfs_check_data_free_space() has failed.

AI-Powered Analysis

Last updated: 06/30/2025, 13:56:28 UTC

Technical Analysis

CVE-2021-47508 is a vulnerability in the Linux kernel's Btrfs filesystem implementation. The issue is a missing cleanup step on failure paths, specifically in the management of the extent_changeset. When btrfs_qgroup_reserve_data() or btrfs_delalloc_reserve_metadata() fails, the extent_changeset that was already allocated is not freed, which leaks kernel memory. The flaw appeared after commit 65b3c08606e5, which fixed an ENOSPC failure during direct IO writes into NOCOW (No Copy-On-Write) ranges. It manifests in the direct IO write path and at defrag_one_locked_target(), where extent_changeset_free() is not called on failure, unlike the other code paths, which always call it. The kernel stack trace in the description shows the functions involved, such as ulist_add_merge, set_state_bits, set_extent_bit, and others within the btrfs module. The leak was detected through kmemleak reports during filesystem tests, which flagged unreferenced objects that remained allocated. Although this vulnerability does not directly cause data corruption or immediate system crashes, the memory leak can lead to resource exhaustion over time, potentially degrading system performance or causing denial of service conditions. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability affects Linux kernel versions containing the specified commit, which correspond to recent kernel versions implementing the fix for ENOSPC in direct IO writes.
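
The leak pattern described above, reduced to a userspace C model (an added example, not code from the kernel or from this page): a reservation helper allocates the changeset on demand, a later step fails, and the caller frees only on success. Every model_* name is a hypothetical stand-in, and the later step is forced to fail so the error path is always taken.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model, not kernel code: every model_* name below is hypothetical. */
struct model_changeset { unsigned long bytes_changed; };
static int live_changesets; /* changesets allocated and not yet freed */

static void model_changeset_free(struct model_changeset *cs) {
    if (cs) { free(cs); live_changesets--; }
}

/* Data reservation: allocates *reserved on demand and records the range. */
static int model_reserve_data(struct model_changeset **reserved, unsigned long len) {
    if (!*reserved) {
        if (!(*reserved = calloc(1, sizeof(**reserved)))) return -ENOMEM;
        live_changesets++;
    }
    (*reserved)->bytes_changed += len;
    return 0;
}

/* Before the fix: the error is returned while *reserved still owns memory. */
int model_reserve_space_leaky(struct model_changeset **reserved, unsigned long len) {
    int ret = model_reserve_data(reserved, len);
    return ret < 0 ? ret : -ENOSPC; /* later metadata step forced to fail */
}

/* After the fix: the failure path frees the changeset and clears the pointer. */
int model_reserve_space_fixed(struct model_changeset **reserved, unsigned long len) {
    int ret = model_reserve_space_leaky(reserved, len);
    if (ret < 0) { model_changeset_free(*reserved); *reserved = NULL; }
    return ret;
}

/* Caller that, like the leaking paths, frees only when the reservation succeeded. */
int model_leaked_after(int (*reserve)(struct model_changeset **, unsigned long), int writes) {
    live_changesets = 0;
    for (int i = 0; i < writes; i++) {
        struct model_changeset *reserved = NULL;
        if (reserve(&reserved, 4096) == 0)
            model_changeset_free(reserved);
    }
    return live_changesets;
}

int main(void) {
    printf("leaked before fix: %d\n", model_leaked_after(model_reserve_space_leaky, 1000));
    printf("leaked after fix:  %d\n", model_leaked_after(model_reserve_space_fixed, 1000));
    return 0;
}
```

Each failed call in the first variant strands one allocation, which is why the leak grows with the number of failing writes rather than with uptime alone.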

Potential Impact

For European organizations relying on Linux systems with Btrfs filesystems, this vulnerability poses a risk of gradual memory exhaustion on affected systems performing direct IO write operations. This can impact servers, storage appliances, or virtual machines that utilize Btrfs for data storage, especially in environments with heavy IO workloads or defragmentation processes. The memory leak could lead to degraded system responsiveness, increased swap usage, or eventual denial of service if the kernel memory is exhausted. While it does not directly compromise confidentiality or integrity, availability could be affected due to system instability or crashes caused by resource depletion. Organizations with critical infrastructure running Linux servers, cloud platforms, or container hosts using Btrfs may experience operational disruptions. The absence of known exploits reduces immediate threat but does not eliminate risk, especially in high-demand environments. The vulnerability's impact is more pronounced in long-running systems where memory leaks accumulate over time without reboot or remediation.

Mitigation Recommendations

To mitigate CVE-2021-47508, European organizations should promptly apply Linux kernel updates that include the fix for this vulnerability and confirm that the fixing commit is present in the running kernel. Kernel versions released after May 2024 are expected to contain the patch. System administrators should monitor kernel memory usage and kmemleak reports to detect potential leaks early. Where immediate patching is not feasible, consider reducing or avoiding workloads that trigger direct IO writes on Btrfs, or temporarily disabling defragmentation tasks. Proactive resource monitoring and alerting on memory consumption trends can help identify affected systems before service impact occurs. Additionally, organizations should validate their backup and recovery processes to mitigate risks from potential system instability. Engaging with Linux distribution vendors for security advisories and patches is recommended to maintain up-to-date protection. Finally, consider evaluating the necessity of Btrfs usage in critical systems and assess alternative filesystems if appropriate until patches are applied.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-22T06:20:56.206Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9833c4522896dcbe92f5

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 1:56:28 PM

Last updated: 8/13/2025, 1:03:11 AM
