CVE-2021-47338 - Vulnerability Details

- fbmem: Do not delete the mode that is still in use

Description

In the Linux kernel, the following vulnerability has been resolved:

fbmem: Do not delete the mode that is still in use

The execution of fb_delete_videomode() is not based on the result of the
previous fbcon_mode_deleted(). As a result, the mode is directly deleted,
regardless of whether it is still in use, which may cause UAF.

==================================================================
BUG: KASAN: use-after-free in fb_mode_is_equal+0x36e/0x5e0 \
drivers/video/fbdev/core/modedb.c:924
Read of size 4 at addr ffff88807e0ddb1c by task syz-executor.0/18962

CPU: 2 PID: 18962 Comm: syz-executor.0 Not tainted 5.10.45-rc1+ #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ...
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x137/0x1be lib/dump_stack.c:118
print_address_description+0x6c/0x640 mm/kasan/report.c:385
__kasan_report mm/kasan/report.c:545 [inline]
kasan_report+0x13d/0x1e0 mm/kasan/report.c:562
fb_mode_is_equal+0x36e/0x5e0 drivers/video/fbdev/core/modedb.c:924
fbcon_mode_deleted+0x16a/0x220 drivers/video/fbdev/core/fbcon.c:2746
fb_set_var+0x1e1/0xdb0 drivers/video/fbdev/core/fbmem.c:975
do_fb_ioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 18960:
kasan_save_stack mm/kasan/common.c:48 [inline]
kasan_set_track+0x3d/0x70 mm/kasan/common.c:56
kasan_set_free_info+0x17/0x30 mm/kasan/generic.c:355
__kasan_slab_free+0x108/0x140 mm/kasan/common.c:422
slab_free_hook mm/slub.c:1541 [inline]
slab_free_freelist_hook+0xd6/0x1a0 mm/slub.c:1574
slab_free mm/slub.c:3139 [inline]
kfree+0xca/0x3d0 mm/slub.c:4121
fb_delete_videomode+0x56a/0x820 drivers/video/fbdev/core/modedb.c:1104
fb_set_var+0x1f3/0xdb0 drivers/video/fbdev/core/fbmem.c:978
do_fb_ioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9

Published: 2024-05-21

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`13ff178ccd6d3b8074c542a911300b79c4eec255`	affected	< 359311b85ebec7c07c3a08ae2f3def946cad33fa
`13ff178ccd6d3b8074c542a911300b79c4eec255`	affected	< 087bff9acd2ec6db3f61aceb3224bde90fe0f7f8
`13ff178ccd6d3b8074c542a911300b79c4eec255`	affected	< f193509afc7ff37a46862610c93b896044d5b693
`13ff178ccd6d3b8074c542a911300b79c4eec255`	affected	< d6e76469157d8f240e5dec6f8411aa8d306b1126
`13ff178ccd6d3b8074c542a911300b79c4eec255`	affected	< 0af778269a522c988ef0b4188556aba97fb420cc

Linux

affected

Version	Status	Constraints
`5.3`	affected	—
`0`	unaffected	< 5.3
`5.4.134`	unaffected	≤ 5.4.*
`5.10.52`	unaffected	≤ 5.10.*
`5.12.19`	unaffected	≤ 5.12.*
`5.13.4`	unaffected	≤ 5.13.*
`5.14`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.14:rc1::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:7001	2024-09-24T00:00:00Z
kernel-0:4.18.0-553.22.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:7000	2024-09-24T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00023.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://git.kernel.org/stable/c/087bff9acd2ec6db3f61aceb3224bde90fe0f7f8
https://git.kernel.org/stable/c/0af778269a522c988ef0b4188556aba97fb420cc
https://git.kernel.org/stable/c/359311b85ebec7c07c3a08ae2f3def946cad33fa
https://git.kernel.org/stable/c/d6e76469157d8f240e5dec6f8411aa8d306b1126
https://git.kernel.org/stable/c/f193509afc7ff37a46862610c93b896044d5b693
https://lore.kernel.org/linux-cve-announce/2024052137-CVE-2021-47338-cd10@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47338
https://www.cve.org/CVERecord?id=CVE-2021-47338

History

Tue, 24 Dec 2024 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.14:rc1::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Tue, 24 Sep 2024 11:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:8

Tue, 24 Sep 2024 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv
Vendors & Products		Redhat Redhat enterprise Linux

Subscriptions

Linux Linux Kernel

Redhat Enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T14:35:47.028Z

Updated: 2026-05-11T13:52:42.317Z

Reserved: 2024-05-21T14:28:16.978Z

Link: CVE-2021-47338

Vulnrichment

Updated: 2024-08-04T05:32:08.605Z

NVD

Status : Analyzed

Published: 2024-05-21T15:15:20.610

Modified: 2024-12-24T16:39:44.677

Link: CVE-2021-47338

Redhat

Severity : Moderate

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47338 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-416

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object