CVE-2021-47338
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-47338
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47338.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-47338
- Related
- Published
- 2024-05-21T15:15:20Z
- Modified
- 2024-09-18T03:17:25.826031Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
fbmem: Do not delete the mode that is still in use
The execution of fbdeletevideomode() is not based on the result of the previous fbconmodedeleted(). As a result, the mode is directly deleted, regardless of whether it is still in use, which may cause UAF.
================================================================== BUG: KASAN: use-after-free in fbmodeis_equal+0x36e/0x5e0 \ drivers/video/fbdev/core/modedb.c:924 Read of size 4 at addr ffff88807e0ddb1c by task syz-executor.0/18962
CPU: 2 PID: 18962 Comm: syz-executor.0 Not tainted 5.10.45-rc1+ #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ... Call Trace: _dumpstack lib/dumpstack.c:77 [inline] dumpstack+0x137/0x1be lib/dumpstack.c:118 printaddressdescription+0x6c/0x640 mm/kasan/report.c:385 _kasanreport mm/kasan/report.c:545 [inline] kasanreport+0x13d/0x1e0 mm/kasan/report.c:562 fbmodeisequal+0x36e/0x5e0 drivers/video/fbdev/core/modedb.c:924 fbconmodedeleted+0x16a/0x220 drivers/video/fbdev/core/fbcon.c:2746 fbsetvar+0x1e1/0xdb0 drivers/video/fbdev/core/fbmem.c:975 dofbioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108 vfsioctl fs/ioctl.c:48 [inline] _dosysioctl fs/ioctl.c:753 [inline] _sesysioctl+0xfb/0x170 fs/ioctl.c:739 dosyscall64+0x2d/0x70 arch/x86/entry/common.c:46 entrySYSCALL64afterhwframe+0x44/0xa9
Freed by task 18960: kasansavestack mm/kasan/common.c:48 [inline] kasansettrack+0x3d/0x70 mm/kasan/common.c:56 kasansetfreeinfo+0x17/0x30 mm/kasan/generic.c:355 _kasanslabfree+0x108/0x140 mm/kasan/common.c:422 slabfreehook mm/slub.c:1541 [inline] slabfreefreelisthook+0xd6/0x1a0 mm/slub.c:1574 slabfree mm/slub.c:3139 [inline] kfree+0xca/0x3d0 mm/slub.c:4121 fbdeletevideomode+0x56a/0x820 drivers/video/fbdev/core/modedb.c:1104 fbsetvar+0x1f3/0xdb0 drivers/video/fbdev/core/fbmem.c:978 dofbioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108 vfsioctl fs/ioctl.c:48 [inline] _dosysioctl fs/ioctl.c:753 [inline] _sesysioctl+0xfb/0x170 fs/ioctl.c:739 dosyscall64+0x2d/0x70 arch/x86/entry/common.c:46 entrySYSCALL64after_hwframe+0x44/0xa9
- References
-
- https://git.kernel.org/stable/c/087bff9acd2ec6db3f61aceb3224bde90fe0f7f8
- https://git.kernel.org/stable/c/0af778269a522c988ef0b4188556aba97fb420cc
- https://git.kernel.org/stable/c/359311b85ebec7c07c3a08ae2f3def946cad33fa
- https://git.kernel.org/stable/c/d6e76469157d8f240e5dec6f8411aa8d306b1126
- https://git.kernel.org/stable/c/f193509afc7ff37a46862610c93b896044d5b693
- https://security-tracker.debian.org/tracker/CVE-2021-47338
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source