Vulnerability Details : CVE-2021-47533
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: kms: Clear the HVS FIFO commit pointer once done
Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a
commit") introduced a wait on the previous commit done on a given HVS
FIFO.
However, we never cleared that pointer once done. Since
drm_crtc_commit_put can free the drm_crtc_commit structure directly if
we were the last user, this means that it can lead to a use-after free
if we were to duplicate the state, and that stale pointer would even be
copied to the new state.
Set the pointer to NULL once we're done with the wait so that we don't
carry over a pointer to a free'd structure.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-47533
Please log in to view affected product information.
Exploit prediction scoring system (EPSS) score for CVE-2021-47533
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 18 %
Percentile, the proportion of vulnerabilities that are scored at or less
References for CVE-2021-47533
-
https://git.kernel.org/stable/c/2931db9a5ed219546cf2ae0546698faf78281b89
drm/vc4: kms: Clear the HVS FIFO commit pointer once done - kernel/git/stable/linux.git - Linux kernel stable tree
-
https://git.kernel.org/stable/c/d134c5ff71c7f2320fc7997f2fbbdedf0c76889a
drm/vc4: kms: Clear the HVS FIFO commit pointer once done - kernel/git/stable/linux.git - Linux kernel stable tree
Jump to