vulnerability

Debian: CVE-2021-47533: linux -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:L/Au:S/C:C/I:N/A:C)	05/24/2024	07/30/2024	02/20/2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:C)

Published

05/24/2024

Added

07/30/2024

Modified

02/20/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: kms: Clear the HVS FIFO commit pointer once done

Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a
commit") introduced a wait on the previous commit done on a given HVS
FIFO.

However, we never cleared that pointer once done. Since
drm_crtc_commit_put can free the drm_crtc_commit structure directly if
we were the last user, this means that it can lead to a use-after free
if we were to duplicate the state, and that stale pointer would even be
copied to the new state.

Set the pointer to NULL once we're done with the wait so that we don't
carry over a pointer to a free'd structure.

Solution

debian-upgrade-linux

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today