Lucene search

K
cve416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2021-47533
HistoryMay 24, 2024 - 3:15 p.m.

CVE-2021-47533

2024-05-2415:15:16
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
25
linux kernel
drm/vc4
use-after-free
vulnerability
hvs fifo
commit pointer

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: kms: Clear the HVS FIFO commit pointer once done

Commit 9ec03d7f1ed3 (“drm/vc4: kms: Wait on previous FIFO users before a
commit”) introduced a wait on the previous commit done on a given HVS
FIFO.

However, we never cleared that pointer once done. Since
drm_crtc_commit_put can free the drm_crtc_commit structure directly if
we were the last user, this means that it can lead to a use-after free
if we were to duplicate the state, and that stale pointer would even be
copied to the new state.

Set the pointer to NULL once we’re done with the wait so that we don’t
carry over a pointer to a free’d structure.

Affected configurations

Vulners
Node
linuxlinux_kernelRange5.125.15.7
OR
linuxlinux_kernelRange5.16.0

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/gpu/drm/vc4/vc4_kms.c"
    ],
    "versions": [
      {
        "version": "9ec03d7f1ed3",
        "lessThan": "2931db9a5ed2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9ec03d7f1ed3",
        "lessThan": "d134c5ff71c7",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/gpu/drm/vc4/vc4_kms.c"
    ],
    "versions": [
      {
        "version": "5.12",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.12",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.7",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%