CVE-2021-47657

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()

If virtio_gpu_object_shmem_init() fails (e.g. due to fault injection, as it happened in the bug report by syzbot), virtio_gpu_array_put_free() could be called with objs equal to NULL.

Ensure that objs is not NULL in virtio_gpu_array_put_free(), or otherwise return from the function.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux377f8331d0565e6f71ba081c894029a92d0c7e77 < b094fece3810c71ceee6f0921676cb65d4e68c5aaffected
LinuxLinux377f8331d0565e6f71ba081c894029a92d0c7e77 < ac92b474eeeed75b8660374ba1d129a121c09da8affected
LinuxLinux377f8331d0565e6f71ba081c894029a92d0c7e77 < abc9ad36df16e27ac1c665085157f1a082d39bacaffected
LinuxLinux377f8331d0565e6f71ba081c894029a92d0c7e77 < 6b79f96f4a23846516e5e6e4dd37fc06f43a60ddaffected
LinuxLinux244dbb4abe123779ec30e7c6ca283a681aba5c94affected
LinuxLinux1016c0f62f73d5d2c3a5d1ad1e1fb0cdce1993aeaffected
LinuxLinux5.11.20 < 5.12affected
LinuxLinux5.12.3 < 5.13affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.32 <= 5.15.*unaffected
LinuxLinux5.16.18 <= 5.16.*unaffected
LinuxLinux5.17.1 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References