CVE-2024-47731: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

drivers/perf: Fix ali_drw_pmu driver interrupt status clearing

The alibaba_uncore_pmu driver forgot to clear all interrupt status in the interrupt processing function. After the PMU counter overflow interrupt occurred, an interrupt storm occurred, causing the system to hang. Therefore, clear the correct interrupt status in the interrupt handling function to fix it.
AI Analysis
Technical Summary
CVE-2024-47731 is a vulnerability identified in the Linux kernel specifically within the ali_drw_pmu driver, which is part of the performance monitoring unit (PMU) drivers. The issue arises because the alibaba_uncore_pmu driver fails to clear all interrupt status flags during its interrupt processing routine. When a PMU counter overflow interrupt occurs, the driver neglects to clear the interrupt status properly, leading to an interrupt storm—an excessive and continuous generation of interrupts. This storm can overwhelm the system's interrupt handling capabilities, causing the system to hang or become unresponsive. The root cause is a missing or incomplete clearing of interrupt status bits in the interrupt handler function. The fix involves ensuring that the correct interrupt status bits are cleared during interrupt processing to prevent the storm and maintain system stability. This vulnerability affects specific versions of the Linux kernel identified by the commit hash cf7b61073e4526caa247616f6fbb174cbd2a5366. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The vulnerability is technical and low-level, impacting kernel stability rather than directly exposing data confidentiality or integrity. However, system availability is at risk due to potential hangs caused by the interrupt storm.
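A user-space model of the failure mode described above, added here as an illustration and not taken from the ali_drw_pmu driver: a level-triggered interrupt keeps firing when the handler acknowledges fewer status bits than are pending. The status layout, the fixed-bit acknowledgement, `MAX_DELIVERIES` and all function names are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_DELIVERIES 1000 /* cap so the model terminates where real hardware would hang */

/* Simulated PMU: one overflow-status bit per counter (layout is an assumption).
 * The interrupt line is level-triggered: asserted while any status bit is set. */
struct sim_pmu {
    uint32_t ov_status;
};

/* Model of an interrupt-clear register: every 1 bit written clears that status bit. */
static void write_intr_clear(struct sim_pmu *pmu, uint32_t mask)
{
    pmu->ov_status &= ~mask;
}

/* Incomplete clear: reads the pending bits but acknowledges a fixed bit only. */
static void isr_incomplete_clear(struct sim_pmu *pmu)
{
    uint32_t status = pmu->ov_status;
    (void)status;                 /* per-counter overflow handling would go here */
    write_intr_clear(pmu, 1u);
}

/* Complete clear: acknowledges exactly the bits that were read as pending. */
static void isr_full_clear(struct sim_pmu *pmu)
{
    uint32_t status = pmu->ov_status;
    write_intr_clear(pmu, status);
}

/* Re-deliver the interrupt while the line stays asserted; return the ISR call count. */
static int run_until_quiet(uint32_t pending, void (*isr)(struct sim_pmu *))
{
    struct sim_pmu pmu = { .ov_status = pending };
    int calls = 0;

    while (pmu.ov_status != 0 && calls < MAX_DELIVERIES) {
        isr(&pmu);
        calls++;
    }
    return calls;
}

int main(void)
{
    printf("incomplete, bit 0 pending: %d call(s)\n", run_until_quiet(0x1, isr_incomplete_clear));
    printf("incomplete, bit 2 pending: %d call(s)\n", run_until_quiet(0x4, isr_incomplete_clear));
    printf("full clear, bits 0+2:      %d call(s)\n", run_until_quiet(0x5, isr_full_clear));
    return 0;
}
```

In this model the incomplete handler looks correct whenever only the bit it happens to acknowledge is pending, which is why this class of bug can pass light testing and surface only under real overflow load.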
Potential Impact
For European organizations, the primary impact of CVE-2024-47731 is on system availability and stability. Systems running affected Linux kernel versions with the ali_drw_pmu driver enabled may experience hangs or crashes due to interrupt storms triggered by PMU counter overflow interrupts. This can disrupt critical services, especially in environments relying on Linux for servers, embedded systems, or performance monitoring tasks. Industries such as telecommunications, finance, manufacturing, and cloud service providers that use Linux-based infrastructure could face operational downtime or degraded performance. Although the vulnerability does not directly compromise data confidentiality or integrity, the denial-of-service-like effect can lead to significant business interruptions and potential financial losses. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or targeted triggering of the interrupt storm. European organizations with customized or Alibaba hardware platforms that utilize the ali_drw_pmu driver are particularly at risk. The vulnerability also highlights the importance of maintaining up-to-date kernel versions and monitoring kernel driver behavior in production environments.
Mitigation Recommendations
To mitigate CVE-2024-47731, European organizations should:
1) Apply the official Linux kernel patch that corrects the interrupt status clearing in the ali_drw_pmu driver as soon as it becomes available. This is the definitive fix to prevent the interrupt storm condition.
2) Identify and inventory all systems running the affected Linux kernel versions and verify if the ali_drw_pmu driver is in use, especially on Alibaba hardware or platforms that may include this driver.
3) Implement kernel update policies that prioritize security patches for critical kernel components, including device drivers.
4) Monitor system logs and performance metrics for signs of interrupt storms or unusual interrupt activity that could indicate attempts to trigger this vulnerability.
5) For systems where immediate patching is not feasible, consider disabling the ali_drw_pmu driver if it is not essential to operations, to prevent the vulnerability from being triggered.
6) Engage with hardware vendors and Linux distribution maintainers to ensure timely updates and support for this vulnerability.
7) Incorporate this vulnerability into incident response and system hardening checklists to ensure awareness and readiness.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-30T16:00:12.957Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbe060f
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 8:10:53 PM
Last updated: 7/31/2025, 6:03:51 PM