Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-47338
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-21 May, 2024 | 14:35
Updated At-04 May, 2025 | 07:08
Rejected At-
▼CVE Numbering Authority (CNA)
fbmem: Do not delete the mode that is still in use

In the Linux kernel, the following vulnerability has been resolved: fbmem: Do not delete the mode that is still in use The execution of fb_delete_videomode() is not based on the result of the previous fbcon_mode_deleted(). As a result, the mode is directly deleted, regardless of whether it is still in use, which may cause UAF. ================================================================== BUG: KASAN: use-after-free in fb_mode_is_equal+0x36e/0x5e0 \ drivers/video/fbdev/core/modedb.c:924 Read of size 4 at addr ffff88807e0ddb1c by task syz-executor.0/18962 CPU: 2 PID: 18962 Comm: syz-executor.0 Not tainted 5.10.45-rc1+ #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ... Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x137/0x1be lib/dump_stack.c:118 print_address_description+0x6c/0x640 mm/kasan/report.c:385 __kasan_report mm/kasan/report.c:545 [inline] kasan_report+0x13d/0x1e0 mm/kasan/report.c:562 fb_mode_is_equal+0x36e/0x5e0 drivers/video/fbdev/core/modedb.c:924 fbcon_mode_deleted+0x16a/0x220 drivers/video/fbdev/core/fbcon.c:2746 fb_set_var+0x1e1/0xdb0 drivers/video/fbdev/core/fbmem.c:975 do_fb_ioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Freed by task 18960: kasan_save_stack mm/kasan/common.c:48 [inline] kasan_set_track+0x3d/0x70 mm/kasan/common.c:56 kasan_set_free_info+0x17/0x30 mm/kasan/generic.c:355 __kasan_slab_free+0x108/0x140 mm/kasan/common.c:422 slab_free_hook mm/slub.c:1541 [inline] slab_free_freelist_hook+0xd6/0x1a0 mm/slub.c:1574 slab_free mm/slub.c:3139 [inline] kfree+0xca/0x3d0 mm/slub.c:4121 fb_delete_videomode+0x56a/0x820 drivers/video/fbdev/core/modedb.c:1104 fb_set_var+0x1f3/0xdb0 drivers/video/fbdev/core/fbmem.c:978 do_fb_ioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/video/fbdev/core/fbmem.c
Default Status
unaffected
Versions
Affected
  • From 13ff178ccd6d3b8074c542a911300b79c4eec255 before 359311b85ebec7c07c3a08ae2f3def946cad33fa (git)
  • From 13ff178ccd6d3b8074c542a911300b79c4eec255 before 087bff9acd2ec6db3f61aceb3224bde90fe0f7f8 (git)
  • From 13ff178ccd6d3b8074c542a911300b79c4eec255 before f193509afc7ff37a46862610c93b896044d5b693 (git)
  • From 13ff178ccd6d3b8074c542a911300b79c4eec255 before d6e76469157d8f240e5dec6f8411aa8d306b1126 (git)
  • From 13ff178ccd6d3b8074c542a911300b79c4eec255 before 0af778269a522c988ef0b4188556aba97fb420cc (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/video/fbdev/core/fbmem.c
Default Status
affected
Versions
Affected
  • 5.3
Unaffected
  • From 0 before 5.3 (semver)
  • From 5.4.134 through 5.4.* (semver)
  • From 5.10.52 through 5.10.* (semver)
  • From 5.12.19 through 5.12.* (semver)
  • From 5.13.4 through 5.13.* (semver)
  • From 5.14 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/359311b85ebec7c07c3a08ae2f3def946cad33fa
N/A
https://git.kernel.org/stable/c/087bff9acd2ec6db3f61aceb3224bde90fe0f7f8
N/A
https://git.kernel.org/stable/c/f193509afc7ff37a46862610c93b896044d5b693
N/A
https://git.kernel.org/stable/c/d6e76469157d8f240e5dec6f8411aa8d306b1126
N/A
https://git.kernel.org/stable/c/0af778269a522c988ef0b4188556aba97fb420cc
N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/359311b85ebec7c07c3a08ae2f3def946cad33fa
x_transferred
https://git.kernel.org/stable/c/087bff9acd2ec6db3f61aceb3224bde90fe0f7f8
x_transferred
https://git.kernel.org/stable/c/f193509afc7ff37a46862610c93b896044d5b693
x_transferred
https://git.kernel.org/stable/c/d6e76469157d8f240e5dec6f8411aa8d306b1126
x_transferred
https://git.kernel.org/stable/c/0af778269a522c988ef0b4188556aba97fb420cc
x_transferred
Details not found