CVE-2021-47063

drm: bridge/panel: Cleanup connector on bridge detach

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

drm: bridge/panel: Cleanup connector on bridge detach

If we don't call drm_connector_cleanup() manually in
panel_bridge_detach(), the connector will be cleaned up with the other
DRM objects in the call to drm_mode_config_cleanup(). However, since our
drm_connector is devm-allocated, by the time drm_mode_config_cleanup()
will be called, our connector will be long gone. Therefore, the
connector must be cleaned up when the bridge is detached to avoid
use-after-free conditions.

v2: Cleanup connector only if it was created

v3: Add FIXME

v4: (Use connector->dev) directly in if() block

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: bridge/panel: Limpiar conector en bridge detach Si no llamamos a drm_connector_cleanup() manualmente en panel_bridge_detach(), el conector se limpiará con los demás objetos DRM en la llamada a drm_mode_config_cleanup(). Sin embargo, dado que nuestro drm_connector está asignado por devm, para cuando se llame a drm_mode_config_cleanup(), nuestro conector ya no existirá. Por lo tanto, el conector debe limpiarse cuando se retira el puente para evitar condiciones de uso después de su liberación. v2: Limpiar el conector solo si fue creado v3: Agregar FIXME v4: (Usar conector->dev) directamente en el bloque if()

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-29 CVE Reserved
2024-02-29 CVE Published
2024-03-01 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/13dfc0540a575b47b2d640b093ac16e9e09474f6	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/ce450934a00cf896e648fde08d0bd1426653d7a2	2021-05-14
https://git.kernel.org/stable/c/18149b420c9bd93c443e8d1f48a063d71d9f6aa1	2021-05-14
https://git.kernel.org/stable/c/98d7d76a74e48ec3ddf2e23950adff7edcab9327	2021-05-14
https://git.kernel.org/stable/c/4d906839d321c2efbf3fed4bc31ffd9ff55b75c0	2021-03-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.13 < 5.10.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.13 < 5.10.37"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.13 < 5.11.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.13 < 5.11.21"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.13 < 5.12.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.13 < 5.12.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.13 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.13 < 5.13"		en		Affected