CVE-2021-47348 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so instead use an appropriately sized and zero-initialized bounce buffer, and read only 5 bytes before casting to u64.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/06888d571b513cbfc0b41949948def6cb81021b2
https://git.kernel.org/stable/c/3b2b93a485fb7a970bc8b5daef16f4cf579d172f
https://git.kernel.org/stable/c/44c7c901cb368a9f2493748f213b247b5872639f
https://git.kernel.org/stable/c/c5b518f4b98dbb2bc31b6a55e6aaa1e0e2948f2e
https://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47348-df7d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47348
https://www.cve.org/CVERecord?id=CVE-2021-47348

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T14:35:53.613Z

Updated: 2024-08-04T05:32:08.506Z

Reserved: 2024-05-21T14:28:16.983Z

Link: CVE-2021-47348

Vulnrichment

Updated: 2024-06-06T15:14:56.636Z

NVD

Status : Awaiting Analysis

Published: 2024-05-21T15:15:21.350

Modified: 2024-07-03T01:37:42.580

Link: CVE-2021-47348

Redhat

Severity : Moderate

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47348 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47348", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:28:16.983Z", "datePublished": "2024-05-21T14:35:53.613Z", "dateUpdated": "2024-08-04T05:32:08.506Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:06:24.665Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid HDCP over-read and corruption\n\nInstead of reading the desired 5 bytes of the actual target field,\nthe code was reading 8. This could result in a corrupted value if the\ntrailing 3 bytes were non-zero, so instead use an appropriately sized\nand zero-initialized bounce buffer, and read only 5 bytes before casting\nto u64."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "c5b518f4b98d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "44c7c901cb36", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "3b2b93a485fb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "06888d571b51", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c"], "versions": [{"version": "5.10.51", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12.18", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.13.3", "lessThanOrEqual": "5.13.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c5b518f4b98dbb2bc31b6a55e6aaa1e0e2948f2e"}, {"url": "https://git.kernel.org/stable/c/44c7c901cb368a9f2493748f213b247b5872639f"}, {"url": "https://git.kernel.org/stable/c/3b2b93a485fb7a970bc8b5daef16f4cf579d172f"}, {"url": "https://git.kernel.org/stable/c/06888d571b513cbfc0b41949948def6cb81021b2"}], "title": "drm/amd/display: Avoid HDCP over-read and corruption", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "affected": [{"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1da177e4c3f4", "status": "affected", "lessThan": "c5b518f4b98d", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1da177e4c3f4", "status": "affected", "lessThan": "44c7c901cb36", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1da177e4c3f4", "status": "affected", "lessThan": "3b2b93a485fb", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1da177e4c3f4", "status": "affected", "lessThan": "06888d571b51", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.14", "status": "unaffected"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.10.51", "status": "unaffected", "lessThanOrEqual": "5.11", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.12.18", "status": "unaffected", "lessThanOrEqual": "5.13", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.13.3", "status": "unaffected", "lessThanOrEqual": "5,14", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-06T15:12:36.483068Z", "id": "CVE-2021-47348", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T15:26:50.007Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.506Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c5b518f4b98dbb2bc31b6a55e6aaa1e0e2948f2e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/44c7c901cb368a9f2493748f213b247b5872639f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3b2b93a485fb7a970bc8b5daef16f4cf579d172f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06888d571b513cbfc0b41949948def6cb81021b2", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47348", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:28:16.983Z", "datePublished": "2024-05-21T14:35:53.613Z", "dateUpdated": "2024-06-06T15:26:50.007Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:06:24.665Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid HDCP over-read and corruption\n\nInstead of reading the desired 5 bytes of the actual target field,\nthe code was reading 8. This could result in a corrupted value if the\ntrailing 3 bytes were non-zero, so instead use an appropriately sized\nand zero-initialized bounce buffer, and read only 5 bytes before casting\nto u64."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "c5b518f4b98d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "44c7c901cb36", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "3b2b93a485fb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "06888d571b51", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c"], "versions": [{"version": "5.10.51", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12.18", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.13.3", "lessThanOrEqual": "5.13.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c5b518f4b98dbb2bc31b6a55e6aaa1e0e2948f2e"}, {"url": "https://git.kernel.org/stable/c/44c7c901cb368a9f2493748f213b247b5872639f"}, {"url": "https://git.kernel.org/stable/c/3b2b93a485fb7a970bc8b5daef16f4cf579d172f"}, {"url": "https://git.kernel.org/stable/c/06888d571b513cbfc0b41949948def6cb81021b2"}], "title": "drm/amd/display: Avoid HDCP over-read and corruption", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-47348", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-06T15:12:36.483068Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "c5b518f4b98d", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "44c7c901cb36", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "3b2b93a485fb", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "06888d571b51", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.14"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.10.51", "versionType": "custom", "lessThanOrEqual": "5.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.12.18", "versionType": "custom", "lessThanOrEqual": "5.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.13.3", "versionType": "custom", "lessThanOrEqual": "5,14"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T15:14:56.636Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid HDCP over-read and corruption\n\nInstead of reading the desired 5 bytes of the actual target field,\nthe code was reading 8. This could result in a corrupted value if the\ntrailing 3 bytes were non-zero, so instead use an appropriately sized\nand zero-initialized bounce buffer, and read only 5 bytes before casting\nto u64."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amd/display: evita la sobrelectura y la corrupci\u00f3n de HDCP. En lugar de leer los 5 bytes deseados del campo de destino real, el c\u00f3digo le\u00eda 8. Esto podr\u00eda resultar en un archivo da\u00f1ado. valor si los 3 bytes finales fueran distintos de cero, por lo tanto, utilice un b\u00fafer de rebote de tama\u00f1o adecuado e inicializado en cero, y lea solo 5 bytes antes de convertir a u64."}], "id": "CVE-2021-47348", "lastModified": "2024-07-03T01:37:42.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-21T15:15:21.350", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/06888d571b513cbfc0b41949948def6cb81021b2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3b2b93a485fb7a970bc8b5daef16f4cf579d172f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/44c7c901cb368a9f2493748f213b247b5872639f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c5b518f4b98dbb2bc31b6a55e6aaa1e0e2948f2e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: drm/amd/display: Avoid HDCP over-read and corruption", "id": "2282405", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282405"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/display: Avoid HDCP over-read and corruption\nInstead of reading the desired 5 bytes of the actual target field,\nthe code was reading 8. This could result in a corrupted value if the\ntrailing 3 bytes were non-zero, so instead use an appropriately sized\nand zero-initialized bounce buffer, and read only 5 bytes before casting\nto u64."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47348", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47348\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47348\nhttps://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47348-df7d@gregkh/T"], "statement": "This vulnerability is rated as a moderate severity because it can lead to data corruption or incorrect display data, it does not directly compromise the system's security.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.51, kernel 5.12.18, kernel 5.13.3, kernel 5.14"}