
CVE-2021-47617: Vulnerability in Linux Linux

High
Published: Thu Jun 20 2024 (06/20/2024, 10:57:01 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8:

  If a power controller detects a main power fault on the hot-plug slot, it must automatically set its internal main power fault latch [...]. The main power fault latch is cleared when software turns off power to the hot-plug slot.

The stickiness used to cause interrupt storms and infinite loops which were fixed in 2009 by commits 5651c48cfafe ("PCI pciehp: fix power fault interrupt storm problem") and 99f0169c17f3 ("PCI: pciehp: enable software notification on empty slots").

Unfortunately in 2020 the infinite loop issue was inadvertently reintroduced by commit 8edf5332c393 ("PCI: pciehp: Fix MSI interrupt race"): The hardirq handler pciehp_isr() clears the PFD bit until pciehp's power_fault_detected flag is set. That happens in the IRQ thread pciehp_ist(), which never learns of the event because the hardirq handler is stuck in an infinite loop.

Fix by setting the power_fault_detected flag already in the hardirq handler.

AI-Powered Analysis

Last updated: 06/30/2025, 15:27:36 UTC

Technical Analysis

CVE-2021-47617 is a vulnerability in the Linux kernel's PCI Express Hotplug (pciehp) driver related to handling power fault interrupts. An infinite loop occurs in the interrupt request (IRQ) handler when a power fault is detected on a hot-plug PCIe slot. The Power Fault Detected (PFD) bit in the Slot Status register is sticky and can only be cleared by turning off slot power, as per PCIe specification r5.0 section 6.7.1.8. Historically, this stickiness caused interrupt storms and infinite loops, which were fixed in 2009 by two commits addressing power fault interrupt storms and enabling software notification on empty slots. In 2020, commit 8edf5332c393, intended to fix a different issue (an MSI interrupt race), inadvertently reintroduced the infinite loop. The root cause is that the hard IRQ handler (pciehp_isr) keeps clearing the PFD bit until the power_fault_detected flag is set, but that flag is set only in the IRQ thread (pciehp_ist), which never learns of the event because the hard IRQ handler is stuck in the loop. The fix sets the power_fault_detected flag already in the hard IRQ handler, which breaks the loop. This vulnerability affects specific Linux kernel versions identified by certain commit hashes and impacts systems using PCIe hotplug functionality. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
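The loop described above can be reproduced in a small user-space model; this is an added example, not code from the kernel or from this page. The names struct slot, sltsta_write, model_isr, run_power_fault and MAX_PASSES are hypothetical, and the register is reduced to the PFD and PDC event bits with a pass limit so the unfixed case terminates.

```c
/* Added illustration: user-space model of the hardirq re-read loop, not kernel source. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define SLTSTA_PFD 0x0002u   /* Power Fault Detected (sticky) */
#define SLTSTA_PDC 0x0008u   /* Presence Detect Changed */
#define MAX_PASSES 1000      /* model-only guard so the demo terminates */

struct slot {
    uint16_t sltsta;             /* modelled Slot Status register */
    bool fault_latch;            /* hardware latch, cleared only by slot power-off */
    bool power_fault_detected;   /* driver flag named in the CVE description */
};

/* Write-1-to-clear, except that PFD reads back set while the latch is held. */
static void sltsta_write(struct slot *s, uint16_t bits)
{
    s->sltsta &= (uint16_t)~bits;
    if (s->fault_latch)
        s->sltsta |= SLTSTA_PFD;
}

/* Returns the number of passes until no event bit is pending, or -1 if stuck. */
static int model_isr(struct slot *s, bool set_flag_in_hardirq)
{
    for (int pass = 1; pass <= MAX_PASSES; pass++) {
        uint16_t status = s->sltsta & (SLTSTA_PFD | SLTSTA_PDC);
        if (s->power_fault_detected)
            status &= (uint16_t)~SLTSTA_PFD;   /* already reported: ignore PFD */
        else if (set_flag_in_hardirq && (status & SLTSTA_PFD))
            s->power_fault_detected = true;    /* the fix: set the flag here */
        if (!status)
            return pass;                       /* drained, IRQ thread can run */
        sltsta_write(s, status);               /* acknowledge, then re-read */
    }
    return -1;                                 /* PFD never clears: handler spins */
}

static int run_power_fault(bool fixed)
{
    struct slot s = { .sltsta = SLTSTA_PFD | SLTSTA_PDC, .fault_latch = true };
    return model_isr(&s, fixed);
}

int main(void)
{
    printf("before fix: %d, after fix: %d\n", run_power_fault(false), run_power_fault(true));
    return 0;
}
```

With the flag set in the hardirq path the model drains on its second pass; without it the sticky bit is re-read on every pass and the loop never exits.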

Potential Impact

For European organizations, this vulnerability could lead to denial of service (DoS) conditions on affected Linux systems that utilize PCIe hotplug slots, particularly in servers and critical infrastructure hardware that rely on dynamic PCIe device management. The infinite loop in the IRQ handler can cause the system to become unresponsive or degrade performance due to interrupt storms, potentially impacting availability of services. This is especially critical in data centers, telecommunications, and industrial control systems where Linux is widely deployed. While confidentiality and integrity impacts are minimal, as this is primarily an availability issue, the disruption of hardware hotplug operations could delay maintenance and hardware replacement activities, increasing operational risk. The lack of known exploits reduces the immediate threat, but the vulnerability's presence in kernel versions used by many European enterprises means timely patching is essential to avoid service interruptions.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to versions that include the fix for CVE-2021-47617. Since the vulnerability is related to specific commits, applying the latest stable kernel releases or backported patches from trusted Linux distributions is recommended. Organizations should audit their systems to identify those using PCIe hotplug functionality and verify kernel versions. For environments where immediate patching is not feasible, temporarily disabling PCIe hotplug support or power fault detection features in BIOS/UEFI or kernel parameters may reduce exposure, though this may impact hardware flexibility. Monitoring system logs for repeated PCIe power fault interrupts and unusual IRQ handler behavior can provide early warning signs. Additionally, implementing robust change management and testing procedures for kernel updates will ensure stability and security. Coordination with hardware vendors for firmware updates that may complement kernel fixes is also advised.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-06-19T14:55:32.795Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9834c4522896dcbe95d8

Added to database: 5/21/2025, 9:09:08 AM

Last enriched: 6/30/2025, 3:27:36 PM

Last updated: 7/29/2025, 5:29:59 AM
