5.5
CVE-2021-47142
- EPSS 0.23%
- Veröffentlicht 25.03.2024 09:15:08
- Zuletzt bearbeitet 17.12.2024 14:56:12
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
drm/amdgpu: Fix a use-after-free
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI [ 1235.989074] Call Trace: [ 1235.991751] sg_free_table+0x17/0x20 [ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu] [ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu] [ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm] [ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm] [ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm] [ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm] [ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu] [ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu] [ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu] [ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 4.4.271
Linux ≫ Linux Kernel Version >= 4.9.0 < 4.9.271
Linux ≫ Linux Kernel Version >= 4.14.0 < 4.14.235
Linux ≫ Linux Kernel Version >= 4.19.0 < 4.19.193
Linux ≫ Linux Kernel Version >= 5.4.0 < 5.4.124
Linux ≫ Linux Kernel Version >= 5.10.0 < 5.10.42
Linux ≫ Linux Kernel Version >= 5.12.0 < 5.12.9
Linux ≫ Linux Kernel Version5.13 Updaterc1
Linux ≫ Linux Kernel Version5.13 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.14 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/0707c3fea8102d211631ba515ef2159707561b0d
https://git.kernel.org/stable/c/1e5c37385097c35911b0f8a0c67ffd10ee1af9a2
https://git.kernel.org/stable/c/3293cf3513d69f00c14d43e2020826d45ea0e46a
https://git.kernel.org/stable/c/7398c2aab4da960761ec182d04d6d5abbb4a226e
https://git.kernel.org/stable/c/952ab3f9f48eb0e8050596d41951cf516be6b122
https://git.kernel.org/stable/c/a849e218556f932576c0fb1c5a88714b61709a17
https://git.kernel.org/stable/c/d4ea141fd4b40636a8326df5a377d9c5cf9b3faa
https://git.kernel.org/stable/c/f98cdf084405333ee2f5be548a91b2d168e49276