In the Linux kernel, the following vulnerability has been resolved:

fbmem: Do not delete the mode that is still in use

The execution of fb_delete_videomode() is not based on the result of the
previous fbcon_mode_deleted(). As a result, the mode is directly deleted,
regardless of whether it is still in use, which may cause UAF.

==================================================================
BUG: KASAN: use-after-free in fb_mode_is_equal+0x36e/0x5e0 \
drivers/video/fbdev/core/modedb.c:924
Read of size 4 at addr ffff88807e0ddb1c by task syz-executor.0/18962

CPU: 2 PID: 18962 Comm: syz-executor.0 Not tainted 5.10.45-rc1+ #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ...
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x137/0x1be lib/dump_stack.c:118
print_address_description+0x6c/0x640 mm/kasan/report.c:385
__kasan_report mm/kasan/report.c:545 [inline]
kasan_report+0x13d/0x1e0 mm/kasan/report.c:562
fb_mode_is_equal+0x36e/0x5e0 drivers/video/fbdev/core/modedb.c:924
fbcon_mode_deleted+0x16a/0x220 drivers/video/fbdev/core/fbcon.c:2746
fb_set_var+0x1e1/0xdb0 drivers/video/fbdev/core/fbmem.c:975
do_fb_ioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 18960:
kasan_save_stack mm/kasan/common.c:48 [inline]
kasan_set_track+0x3d/0x70 mm/kasan/common.c:56
kasan_set_free_info+0x17/0x30 mm/kasan/generic.c:355
__kasan_slab_free+0x108/0x140 mm/kasan/common.c:422
slab_free_hook mm/slub.c:1541 [inline]
slab_free_freelist_hook+0xd6/0x1a0 mm/slub.c:1574
slab_free mm/slub.c:3139 [inline]
kfree+0xca/0x3d0 mm/slub.c:4121
fb_delete_videomode+0x56a/0x820 drivers/video/fbdev/core/modedb.c:1104
fb_set_var+0x1f3/0xdb0 drivers/video/fbdev/core/fbmem.c:978
do_fb_ioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00023.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
13ff178ccd6d3b8074c542a911300b79c4eec255 affected
< 359311b85ebec7c07c3a08ae2f3def946cad33fa
13ff178ccd6d3b8074c542a911300b79c4eec255 affected
< 087bff9acd2ec6db3f61aceb3224bde90fe0f7f8
13ff178ccd6d3b8074c542a911300b79c4eec255 affected
< f193509afc7ff37a46862610c93b896044d5b693
13ff178ccd6d3b8074c542a911300b79c4eec255 affected
< d6e76469157d8f240e5dec6f8411aa8d306b1126
13ff178ccd6d3b8074c542a911300b79c4eec255 affected
< 0af778269a522c988ef0b4188556aba97fb420cc
Linux Linux affected
Version Status Constraints
5.3 affected
0 unaffected
< 5.3
5.4.134 unaffected
≤ 5.4.*
5.10.52 unaffected
≤ 5.10.*
5.12.19 unaffected
≤ 5.12.*
5.13.4 unaffected
≤ 5.13.*
5.14 unaffected
≤ *

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2024:7001 2024-09-24T00:00:00Z
kernel-0:4.18.0-553.22.1.el8_10 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:7000 2024-09-24T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/087bff9acd2ec6db3f61aceb3224bde90fe0f7f8 cve-icon cve-icon
https://git.kernel.org/stable/c/0af778269a522c988ef0b4188556aba97fb420cc cve-icon cve-icon
https://git.kernel.org/stable/c/359311b85ebec7c07c3a08ae2f3def946cad33fa cve-icon cve-icon
https://git.kernel.org/stable/c/d6e76469157d8f240e5dec6f8411aa8d306b1126 cve-icon cve-icon
https://git.kernel.org/stable/c/f193509afc7ff37a46862610c93b896044d5b693 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024052137-CVE-2021-47338-cd10@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-47338 cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-47338 cve-icon
History

Tue, 24 Dec 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Metrics cvssV3_1

{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Tue, 24 Sep 2024 11:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8

Tue, 24 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
Vendors & Products Redhat
Redhat enterprise Linux

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-05-04T07:08:55.555Z

Reserved: 2024-05-21T14:28:16.978Z

Link: CVE-2021-47338

cve-icon Vulnrichment

Updated: 2024-08-04T05:32:08.605Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-21T15:15:20.610

Modified: 2024-12-24T16:39:44.677

Link: CVE-2021-47338

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47338 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses