CVE-2021-47280
Published: May 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

drm: Fix use-after-free read in drm_getunique()

There is a time-of-check-to-time-of-use error in drm_getunique() due to retrieving file_priv->master prior to locking the device's master mutex.

An example can be seen in the crash report of the use-after-free error found by Syzbot: https://syzkaller.appspot.com/bug?id=148d2f1dfac64af52ffd27b661981a540724f803

In the report, the master pointer was used after being freed. This is because another process had acquired the device's master mutex in drm_setmaster_ioctl(), then overwrote fpriv->master in drm_new_set_master(). The old value of fpriv->master was subsequently freed before the mutex was unlocked.

To fix this, we lock the device's master mutex before retrieving the pointer from fpriv->master.

This patch passes the Syzbot reproducer test.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 5acc614ac47465fee6375a9af4740f618830762d - < 17dab9326ff263c62dab1dbac4492e2938a049e4; affected 5acc614ac47465fee6375a9af4740f618830762d - < 7d233ba700ceb593905ea82b42dadb4ec8ef85e9; affected 5acc614ac47465fee6375a9af4740f618830762d - < b246b4c70c1250e7814f409b243000f9c0bf79a3; affected 5acc614ac47465fee6375a9af4740f618830762d - < 491d52e0078860b33b6c14f0a7ac74ca1b603bd6; affected 5acc614ac47465fee6375a9af4740f618830762d - < f773f8cccac13c7e7bbd9182e7996c727742488e; +1 more versions |
| Linux | Linux | affected 4.11; unaffected 0 - < 4.11; unaffected 4.14.237 - <= 4.14.*; unaffected 4.19.195 - <= 4.19.*; unaffected 5.4.126 - <= 5.4.*; +3 more versions |
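
The time-of-check-to-time-of-use pattern from the description, as an added user-space model (not the kernel patch and not code from this page). Assumptions: an `atomic_flag` stands in for the device's master mutex, a `freed` flag stands in for the actual free, and the second process's call is forced between the pointer read and the use in a single thread so the outcome is deterministic; all struct and function names are hypothetical.

```c
#include <stdatomic.h>
#include <stdio.h>
/* User-space model; all names are hypothetical stand-ins, not kernel code. */
struct master { char unique[16]; int freed; };  /* freed models the free */
struct file_priv { struct master *master; };
static atomic_flag master_mutex = ATOMIC_FLAG_INIT;  /* models the master mutex */
static struct master old_m, new_m;
static int trylock(void) { return !atomic_flag_test_and_set(&master_mutex); }
static void lock(void) { while (!trylock()) { } }
static void unlock(void) { atomic_flag_clear(&master_mutex); }
static void reset(struct file_priv *fp) {
    old_m = (struct master){ "old", 0 }; new_m = (struct master){ "new", 0 };
    fp->master = &old_m;
}
/* Second process: swap fp->master and release the old object under the lock.
 * Returns -1 when the lock is held, where a real caller would block. */
static int set_master(struct file_priv *fp) {
    if (!trylock()) return -1;
    fp->master->freed = 1;
    fp->master = &new_m;
    unlock();
    return 0;
}

/* Before the fix: read pointer, then lock. Returns 1 if a freed object was used. */
static int getunique_racy(struct file_priv *fp, char *out, size_t n) {
    struct master *m = fp->master;   /* time of check, lock not held */
    set_master(fp);                  /* constructed interleaving */
    lock();
    int stale = m->freed;            /* time of use */
    snprintf(out, n, "%s", m->unique);
    unlock();
    return stale;
}

/* After the fix: lock, then read pointer; the same interleaving is shut out. */
static int getunique_fixed(struct file_priv *fp, char *out, size_t n) {
    lock();
    struct master *m = fp->master;
    int shut_out = (set_master(fp) == -1);
    int stale = m->freed;
    snprintf(out, n, "%s", m->unique);
    unlock();
    return stale || !shut_out;
}
int main(void) {
    struct file_priv fp; char buf[16];
    reset(&fp); printf("racy:  stale=%d\n", getunique_racy(&fp, buf, sizeof buf));
    reset(&fp); printf("fixed: stale=%d\n", getunique_fixed(&fp, buf, sizeof buf));
    return 0;
}
```

In the racy variant the local pointer still refers to the released object after the swap; in the fixed variant the swap cannot start until the reader has finished with the pointer.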
References