CVE-2021-47622 is a vulnerability identified in the Linux kernel's SCSI subsystem, specifically affecting the UFS (Universal Flash Storage) host controller driver (ufshcd). The issue arises from a deadlock condition in the error handling code path. The deadlock occurs when all SCSI tags are allocated, and the SCSI error handler invokes ufshcd_eh_host_reset_handler(), which queues work that calls ufshcd_err_handler(). During execution, ufshcd_err_handler() attempts to allocate a request via ufshcd_exec_dev_cmd(), but due to the exhaustion of available tags and the lack of reserved requests, the system locks up. The kernel call trace shows the deadlock occurs within the workqueue context, involving scheduling and request allocation functions. The root cause is that ufshcd_exec_dev_cmd() does not allocate a reserved request, causing the error handler to block indefinitely when no tags are available. The fix involves modifying ufshcd_exec_dev_cmd() to allocate a reserved request, preventing the deadlock by ensuring the error handler can proceed even when all normal tags are in use. This vulnerability affects Linux kernel versions identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and was published on July 16, 2024. No known exploits are reported in the wild, and no CVSS score has been assigned yet.

For European organizations, this vulnerability could lead to system instability or denial of service (DoS) conditions on Linux systems utilizing UFS storage devices, which are common in embedded systems, mobile devices, and some server environments. The deadlock in the error handler can cause the affected system to hang or become unresponsive, impacting availability. This is particularly critical for environments requiring high availability or real-time processing, such as telecommunications infrastructure, industrial control systems, and critical cloud services. While confidentiality and integrity are not directly impacted, the availability disruption could lead to operational downtime, loss of productivity, and potential cascading failures in dependent systems. Organizations relying on Linux kernels with the vulnerable UFS driver in their infrastructure should consider this a significant stability risk. Since no known exploits are currently reported, the threat is primarily from accidental triggering or fault conditions rather than targeted attacks, but the potential for future exploitation exists once the vulnerability is publicly known.

European organizations should prioritize updating their Linux kernel to a version that includes the fix for CVE-2021-47622. Specifically, ensure that the kernel version incorporates the patch that modifies ufshcd_exec_dev_cmd() to allocate reserved requests during error handling. For embedded or specialized devices where kernel updates are less frequent, vendors should be contacted for firmware or kernel patches addressing this issue. Additionally, organizations should audit systems using UFS storage to identify vulnerable devices and consider temporary mitigations such as limiting workloads that heavily utilize SCSI tags or implementing monitoring to detect symptoms of deadlock (e.g., system hangs or unresponsive error handlers). Implementing robust system monitoring and alerting for kernel hangs or workqueue stalls can help detect exploitation or triggering of this vulnerability early. Finally, testing updates in controlled environments before deployment is recommended to ensure stability and compatibility.