CVE-2021-47658: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:01:24 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/pm: fix a potential gpu_metrics_table memory leak

Memory is allocated for gpu_metrics_table in renoir_init_smc_tables(), but not freed in int smu_v12_0_fini_smc_tables(). Free it!

AI-Powered Analysis

Last updated: 06/30/2025, 15:56:14 UTC

Technical Analysis

CVE-2021-47658 is a vulnerability identified in the Linux kernel, specifically within the Direct Rendering Manager (DRM) subsystem for AMD GPUs. The issue pertains to a memory leak in the gpu_metrics_table allocation and deallocation process. In detail, memory is allocated for gpu_metrics_table during the initialization function renoir_init_smc_tables(), but this allocated memory is not properly freed in the corresponding cleanup function smu_v12_0_fini_smc_tables(). This results in a potential memory leak, where allocated memory remains reserved and unused, potentially leading to resource exhaustion over time.

Although the vulnerability does not directly enable code execution or privilege escalation, the leak could degrade system performance or stability, especially on systems with AMD GPUs running vulnerable Linux kernel versions. The flaw is rooted in improper resource management within the AMD GPU power management code, which is critical for maintaining efficient GPU operation and system stability.

No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability was officially published on February 26, 2025, and affects specific Linux kernel versions containing the flawed commit. The patch involves ensuring that the allocated gpu_metrics_table memory is properly freed during the cleanup phase to prevent the leak.
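The init/fini imbalance described above, as a user-space C model added here for illustration; it is not the kernel's code. Only the gpu_metrics_table name comes from the advisory; the allocator wrappers, the metrics_table sibling, the sizes and every function name are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_LIVE 64
static void *live[MAX_LIVE];             /* registry of outstanding blocks */

static void *model_alloc(size_t n) {     /* hypothetical stand-in for kzalloc() */
    void *p = calloc(1, n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                             /* calloc failed or registry full */
    return NULL;
}
static void model_free(void *p) {        /* hypothetical stand-in for kfree() */
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
}

struct table_ctx {
    void *metrics_table;                 /* assumed sibling table, always freed */
    void *gpu_metrics_table;             /* the table named in the advisory */
};
static int model_init_tables(struct table_ctx *t) {   /* sizes are arbitrary */
    t->metrics_table = model_alloc(256);
    t->gpu_metrics_table = model_alloc(512);
    return (t->metrics_table && t->gpu_metrics_table) ? 0 : -1;
}
static void model_fini_tables(struct table_ctx *t, int patched) {
    model_free(t->metrics_table);
    t->metrics_table = NULL;
    if (patched) {                       /* the fix: release the second table too */
        model_free(t->gpu_metrics_table);
        t->gpu_metrics_table = NULL;
    }
}

/* Run init/fini `cycles` times and return the blocks still outstanding. */
static int leaked_after_cycles(int cycles, int patched) {
    struct table_ctx t = {0};
    int leaked = 0;
    for (int c = 0; c < cycles && model_init_tables(&t) == 0; c++)
        model_fini_tables(&t, patched);
    for (int i = 0; i < MAX_LIVE; i++)   /* count, then reclaim so the demo exits clean */
        if (live[i]) { leaked++; free(live[i]); live[i] = NULL; }
    return leaked;
}

int main(void) {
    printf("unpatched: %d blocks leaked\n", leaked_after_cycles(10, 0));
    printf("patched:   %d blocks leaked\n", leaked_after_cycles(10, 1));
    return 0;
}
```

In the model, each unpatched init/fini cycle strands one block because the next init overwrites the only pointer to it, so the loss grows with the number of cycles rather than with uptime.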

Potential Impact

For European organizations, the impact of CVE-2021-47658 is primarily related to system reliability and resource management on Linux systems utilizing AMD GPUs. Organizations with high-performance computing environments, data centers, or workstations relying on AMD graphics hardware and Linux kernels containing this vulnerability may experience gradual memory exhaustion leading to degraded GPU performance or system instability. This could affect critical workloads, especially in sectors such as scientific research, media production, and financial services where GPU acceleration is leveraged. While the vulnerability does not directly compromise confidentiality or integrity, the availability and stability of affected systems could be impaired, potentially causing downtime or reduced productivity. Given the absence of known exploits, the immediate risk is low, but unpatched systems remain vulnerable to potential future exploitation or operational issues. European organizations with large-scale Linux deployments should prioritize patching to maintain system health and avoid indirect impacts on business continuity.

Mitigation Recommendations

To mitigate CVE-2021-47658, European organizations should:

1) Identify Linux systems running AMD GPUs and verify kernel versions for the presence of the vulnerable code.
2) Apply the official Linux kernel patches that fix the gpu_metrics_table memory leak as soon as they become available, or upgrade to a kernel version where the issue is resolved.
3) Monitor system resource usage, particularly GPU-related memory consumption, to detect abnormal increases that may indicate the leak in action.
4) Implement routine system maintenance and kernel updates as part of standard operational procedures to reduce exposure to such vulnerabilities.
5) For critical environments, consider deploying monitoring tools that track GPU driver and kernel module health to proactively identify potential memory leaks or performance degradation.

These steps go beyond generic advice by focusing on targeted identification, patch management, and proactive monitoring specific to AMD GPU subsystems on Linux.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:48:21.521Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9834c4522896dcbe96ab

Added to database: 5/21/2025, 9:09:08 AM

Last enriched: 6/30/2025, 3:56:14 PM

Last updated: 8/18/2025, 9:09:47 AM
