CVE-2021-47657
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()
If virtio_gpu_object_shmem_init() fails (e.g. due to fault injection, as it happened in the bug report by syzbot), virtio_gpu_array_put_free() could be called with objs equal to NULL.
Ensure that objs is not NULL in virtio_gpu_array_put_free(), or otherwise return from the function.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 377f8331d0565e6f71ba081c894029a92d0c7e77 < b094fece3810c71ceee6f0921676cb65d4e68c5a | affected |
| Linux | Linux | 377f8331d0565e6f71ba081c894029a92d0c7e77 < ac92b474eeeed75b8660374ba1d129a121c09da8 | affected |
| Linux | Linux | 377f8331d0565e6f71ba081c894029a92d0c7e77 < abc9ad36df16e27ac1c665085157f1a082d39bac | affected |
| Linux | Linux | 377f8331d0565e6f71ba081c894029a92d0c7e77 < 6b79f96f4a23846516e5e6e4dd37fc06f43a60dd | affected |
| Linux | Linux | 244dbb4abe123779ec30e7c6ca283a681aba5c94 | affected |
| Linux | Linux | 1016c0f62f73d5d2c3a5d1ad1e1fb0cdce1993ae | affected |
| Linux | Linux | 5.11.20 < 5.12 | affected |
| Linux | Linux | 5.12.3 < 5.13 | affected |
| Linux | Linux | 5.13 | affected |
| Linux | Linux | 0 < 5.13 | unaffected |
| Linux | Linux | 5.15.32 <= 5.15.* | unaffected |
| Linux | Linux | 5.16.18 <= 5.16.* | unaffected |
| Linux | Linux | 5.17.1 <= 5.17.* | unaffected |
| Linux | Linux | 5.18 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/b094fece3810c71ceee6f0921676cb65d4e68c5a
- https://git.kernel.org/stable/c/ac92b474eeeed75b8660374ba1d129a121c09da8
- https://git.kernel.org/stable/c/abc9ad36df16e27ac1c665085157f1a082d39bac
- https://git.kernel.org/stable/c/6b79f96f4a23846516e5e6e4dd37fc06f43a60dd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.