| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022650-CVE-2021-47657-6f3d@gregkh> Date: Wed, 26 Feb 2025 02:54:08 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47657: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() If virtio_gpu_object_shmem_init() fails (e.g. due to fault injection, as it happened in the bug report by syzbot), virtio_gpu_array_put_free() could be called with objs equal to NULL. Ensure that objs is not NULL in virtio_gpu_array_put_free(), or otherwise return from the function. The Linux kernel CVE team has assigned CVE-2021-47657 to this issue. Affected and fixed versions =========================== Issue introduced in 5.13 with commit 377f8331d0565e6f71ba081c894029a92d0c7e77 and fixed in 5.15.32 with commit b094fece3810c71ceee6f0921676cb65d4e68c5a Issue introduced in 5.13 with commit 377f8331d0565e6f71ba081c894029a92d0c7e77 and fixed in 5.16.18 with commit ac92b474eeeed75b8660374ba1d129a121c09da8 Issue introduced in 5.13 with commit 377f8331d0565e6f71ba081c894029a92d0c7e77 and fixed in 5.17.1 with commit abc9ad36df16e27ac1c665085157f1a082d39bac Issue introduced in 5.13 with commit 377f8331d0565e6f71ba081c894029a92d0c7e77 and fixed in 5.18 with commit 6b79f96f4a23846516e5e6e4dd37fc06f43a60dd Issue introduced in 5.11.20 with commit 244dbb4abe123779ec30e7c6ca283a681aba5c94 Issue introduced in 5.12.3 with commit 1016c0f62f73d5d2c3a5d1ad1e1fb0cdce1993ae Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47657 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/virtio/virtgpu_gem.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b094fece3810c71ceee6f0921676cb65d4e68c5a https://git.kernel.org/stable/c/ac92b474eeeed75b8660374ba1d129a121c09da8 https://git.kernel.org/stable/c/abc9ad36df16e27ac1c665085157f1a082d39bac https://git.kernel.org/stable/c/6b79f96f4a23846516e5e6e4dd37fc06f43a60dd
Powered by blists - more mailing lists