In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: kms: Clear the HVS FIFO commit pointer once done Commit
9ec03d7f1ed3 (“drm/vc4: kms: Wait on previous FIFO users before a commit”)
introduced a wait on the previous commit done on a given HVS FIFO. However,
we never cleared that pointer once done. Since drm_crtc_commit_put can free
the drm_crtc_commit structure directly if we were the last user, this means
that it can lead to a use-after free if we were to duplicate the state, and
that stale pointer would even be copied to the new state. Set the pointer
to NULL once we’re done with the wait so that we don’t carry over a pointer
to a free’d structure.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/d134c5ff71c7f2320fc7997f2fbbdedf0c76889a (5.16-rc4)
git.kernel.org/stable/c/2931db9a5ed219546cf2ae0546698faf78281b89
git.kernel.org/stable/c/d134c5ff71c7f2320fc7997f2fbbdedf0c76889a
launchpad.net/bugs/cve/CVE-2021-47533
nvd.nist.gov/vuln/detail/CVE-2021-47533
security-tracker.debian.org/tracker/CVE-2021-47533
www.cve.org/CVERecord?id=CVE-2021-47533