CVE-2021-47657

drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() If virtio_gpu_object_shmem_init() fails (e.g. due to fault injection, as it
happened in the bug report by syzbot), virtio_gpu_array_put_free() could be
called with objs equal to NULL. Ensure that objs is not NULL in virtio_gpu_array_put_free(), or otherwise
return from the function.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/377f8331d0565e6f71ba081c894029a92d0c7e77	Vuln. Introduced
https://git.kernel.org/stable/c/244dbb4abe123779ec30e7c6ca283a681aba5c94	Vuln. Introduced
https://git.kernel.org/stable/c/1016c0f62f73d5d2c3a5d1ad1e1fb0cdce1993ae	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b094fece3810c71ceee6f0921676cb65d4e68c5a	2022-03-28
https://git.kernel.org/stable/c/ac92b474eeeed75b8660374ba1d129a121c09da8	2022-03-28
https://git.kernel.org/stable/c/abc9ad36df16e27ac1c665085157f1a082d39bac	2022-03-28
https://git.kernel.org/stable/c/6b79f96f4a23846516e5e6e4dd37fc06f43a60dd	2022-01-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.15.32 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.15.32"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.16.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.16.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.17.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.17.1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.11.20 Search vendor "Linux" for product "Linux Kernel" and version "5.11.20"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.12.3 Search vendor "Linux" for product "Linux Kernel" and version "5.12.3"		en		Affected