CVE-2021-47142

drm/amdgpu: Fix a use-after-free

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix a use-after-free

looks like we forget to set ttm->sg to NULL.
Hit panic below

[ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI
[ 1235.989074] Call Trace:
[ 1235.991751] sg_free_table+0x17/0x20
[ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu]
[ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu]
[ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm]
[ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm]
[ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm]
[ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm]
[ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu]
[ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu]
[ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu]
[ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: se soluciona un problema de use-after-free que parece que nos olvidamos de configurar ttm->sg en NULL. Se produce pánico a continuación [1235.844104] falla de protección general, probablemente para la dirección no canónica 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI [1235.989074] Seguimiento de llamadas: [1235.991751] sg_free_table+0x17/0x20 [ 123 5.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu] [ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu] [ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm] [ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa 0 [ttm] [ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm] [ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm] [ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu] [ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu] [ 123 6.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu] [ 1236.046912] kfd_ioctl+0x463/0x690 [ amdgpu]

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-04 CVE Reserved
2024-03-25 CVE Published
2024-03-26 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0707c3fea8102d211631ba515ef2159707561b0d	2021-06-03
https://git.kernel.org/stable/c/3293cf3513d69f00c14d43e2020826d45ea0e46a	2021-06-03
https://git.kernel.org/stable/c/952ab3f9f48eb0e8050596d41951cf516be6b122	2021-06-03
https://git.kernel.org/stable/c/a849e218556f932576c0fb1c5a88714b61709a17	2021-06-03
https://git.kernel.org/stable/c/7398c2aab4da960761ec182d04d6d5abbb4a226e	2021-06-03
https://git.kernel.org/stable/c/f98cdf084405333ee2f5be548a91b2d168e49276	2021-06-03
https://git.kernel.org/stable/c/d4ea141fd4b40636a8326df5a377d9c5cf9b3faa	2021-06-03
https://git.kernel.org/stable/c/1e5c37385097c35911b0f8a0c67ffd10ee1af9a2	2021-05-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.4.271 Search vendor "Linux" for product "Linux Kernel" and version " < 4.4.271"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.271 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.271"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.235 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.235"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.193 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.193"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.124 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.124"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.42 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.42"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.12.9 Search vendor "Linux" for product "Linux Kernel" and version " < 5.12.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.13 Search vendor "Linux" for product "Linux Kernel" and version " < 5.13"		en		Affected