
CVE-2021-47556: Vulnerability in Linux Linux

Medium
Published: Fri May 24 2024 (05/24/2024, 15:09:57 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()

ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so changing the coalesce settings on a device where the driver provides only _one_ of the callbacks results in a NULL pointer dereference instead of an -EOPNOTSUPP.

Fix the condition so that the availability of both callbacks is ensured. This also matches the netlink code.

Note that reproducing this requires some effort - it only affects the legacy ioctl path, and needs a specific combination of driver options:
- have .get_coalesce() and .coalesce_supported but no .set_coalesce(), or
- have .set_coalesce() but no .get_coalesce(). Here eg. ethtool doesn't cause the crash as it first attempts to call ethtool_get_coalesce() and bails out on error.

AI-Powered Analysis

Last updated: 06/30/2025, 14:40:04 UTC

Technical Analysis

CVE-2021-47556 is a vulnerability in the Linux kernel's ethtool ioctl interface, specifically within the ethtool_set_coalesce() function. This function is responsible for setting coalescing parameters on network devices, which can optimize interrupt handling and improve network performance.

The vulnerability arises from a flawed check for the availability of the .get_coalesce() and .set_coalesce() callbacks provided by network device drivers. The ethtool_set_coalesce() function expects both callbacks to be present; however, some drivers may implement only one of them. When ethtool_set_coalesce() attempts to change coalesce settings on such a device, it can dereference a NULL pointer because the code does not properly verify the presence of both callbacks before use. This results in a NULL pointer dereference, causing a kernel crash (kernel panic) and thus a denial of service (DoS) condition.

The issue affects the legacy ioctl path of ethtool and requires a specific driver configuration: either .get_coalesce() and .coalesce_supported are implemented without .set_coalesce(), or .set_coalesce() is implemented without .get_coalesce(). The vulnerability is not trivial to reproduce and does not affect the newer netlink interface, which correctly checks for callback availability. No known exploits are currently reported in the wild.

The fix corrects the condition to ensure both callbacks are present before proceeding, aligning the ioctl behavior with the netlink code. This vulnerability impacts Linux kernel versions containing the affected commit hashes and is relevant to systems using network drivers with the described callback configurations.
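The flawed condition can be modelled in user space. This is an added example, not the kernel's code and not part of the original page: the `&&` and `||` forms of the check are an assumption consistent with the description, the struct and stub callback are hypothetical, and the .coalesce_supported precondition is left out.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space stand-in for the driver's two coalesce callbacks. */
struct coalesce_ops {
    int (*get_coalesce)(void);
    int (*set_coalesce)(void);
};
typedef int (*check_fn)(const struct coalesce_ops *);

static int stub_cb(void) { return 0; }

/* Assumed pre-fix shape: rejects only when BOTH callbacks are missing. */
static int check_before_fix(const struct coalesce_ops *ops)
{
    if (!ops->set_coalesce && !ops->get_coalesce)
        return -EOPNOTSUPP;
    return 0;
}

/* Fixed shape: rejects when EITHER callback is missing. */
static int check_after_fix(const struct coalesce_ops *ops)
{
    if (!ops->set_coalesce || !ops->get_coalesce)
        return -EOPNOTSUPP;
    return 0;
}

/* Count callback combinations that pass the check with a NULL callback. */
static int count_unsafe(check_fn check)
{
    int unsafe = 0;
    for (int mask = 0; mask < 4; mask++) {
        struct coalesce_ops ops = {
            .get_coalesce = (mask & 1) ? stub_cb : NULL,
            .set_coalesce = (mask & 2) ? stub_cb : NULL,
        };
        if (check(&ops) == 0 && (!ops.get_coalesce || !ops.set_coalesce))
            unsafe++;
    }
    return unsafe;
}

int main(void)
{
    printf("before fix: %d unsafe combinations\n", count_unsafe(check_before_fix));
    printf("after fix:  %d unsafe combinations\n", count_unsafe(check_after_fix));
    return 0;
}
```

The two combinations that slip through the pre-fix check are the driver configurations listed in the description: a driver with only a get callback and a driver with only a set callback.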

Potential Impact

For European organizations, this vulnerability primarily poses a risk of denial of service through kernel crashes on affected Linux systems. Many European enterprises and service providers rely heavily on Linux-based infrastructure for servers, networking equipment, and cloud environments. Successful exploitation could disrupt critical network services, leading to downtime and loss of availability for business applications, especially in sectors such as finance, telecommunications, and public services. While the vulnerability does not directly lead to privilege escalation or data leakage, the resulting system crashes could interrupt operations and require system reboots, impacting service continuity. Additionally, organizations with custom or legacy network drivers that implement only one of the coalesce callbacks are more susceptible. Given the specificity of the vulnerability and the lack of known exploits, the immediate threat level is moderate; however, the potential for targeted attacks exploiting this flaw in critical infrastructure cannot be discounted. The impact is more pronounced in environments where high availability is essential and where kernel stability is critical for operational continuity.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched, ensuring the ethtool ioctl interface correctly verifies callback availability. System administrators should audit network drivers in use to identify any that implement only one of the .get_coalesce() or .set_coalesce() callbacks and consider replacing or updating these drivers if possible. For environments where immediate patching is not feasible, restricting access to ethtool ioctl interfaces to trusted administrators can reduce the risk of exploitation, as the vulnerability requires local or privileged access to trigger. Monitoring kernel logs for signs of NULL pointer dereference crashes related to ethtool operations can help detect attempted exploitation. Additionally, organizations should consider migrating from legacy ioctl-based ethtool usage to the netlink interface, which is not affected by this vulnerability and includes proper callback checks. Implementing robust kernel crash recovery and high availability configurations can mitigate the operational impact of any potential crashes caused by this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-24T15:02:54.833Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9833c4522896dcbe9455

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 2:40:04 PM

Last updated: 7/31/2025, 5:47:17 PM
