{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47535", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-24T15:02:54.826Z", "datePublished": "2024-05-24T15:09:43.994Z", "dateUpdated": "2024-11-04T12:07:48.679Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:07:48.679Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a6xx: Allocate enough space for GMU registers\n\nIn commit 142639a52a01 (\"drm/msm/a6xx: fix crashstate capture for\nA650\") we changed a6xx_get_gmu_registers() to read 3 sets of\nregisters. Unfortunately, we didn't change the memory allocation for\nthe array. That leads to a KASAN warning (this was on the chromeos-5.4\nkernel, which has the problematic commit backported to it):\n\n BUG: KASAN: slab-out-of-bounds in _a6xx_get_gmu_registers+0x144/0x430\n Write of size 8 at addr ffffff80c89432b0 by task A618-worker/209\n CPU: 5 PID: 209 Comm: A618-worker Tainted: G W 5.4.156-lockdep #22\n Hardware name: Google Lazor Limozeen without Touchscreen (rev5 - rev8) (DT)\n Call trace:\n dump_backtrace+0x0/0x248\n show_stack+0x20/0x2c\n dump_stack+0x128/0x1ec\n print_address_description+0x88/0x4a0\n __kasan_report+0xfc/0x120\n kasan_report+0x10/0x18\n __asan_report_store8_noabort+0x1c/0x24\n _a6xx_get_gmu_registers+0x144/0x430\n a6xx_gpu_state_get+0x330/0x25d4\n msm_gpu_crashstate_capture+0xa0/0x84c\n recover_worker+0x328/0x838\n kthread_worker_fn+0x32c/0x574\n kthread+0x2dc/0x39c\n ret_from_fork+0x10/0x18\n\n Allocated by task 209:\n __kasan_kmalloc+0xfc/0x1c4\n kasan_kmalloc+0xc/0x14\n kmem_cache_alloc_trace+0x1f0/0x2a0\n a6xx_gpu_state_get+0x164/0x25d4\n msm_gpu_crashstate_capture+0xa0/0x84c\n recover_worker+0x328/0x838\n kthread_worker_fn+0x32c/0x574\n kthread+0x2dc/0x39c\n ret_from_fork+0x10/0x18"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c"], "versions": [{"version": "142639a52a01", "lessThan": "d646856a600e", "status": "affected", "versionType": "git"}, {"version": "142639a52a01", "lessThan": "83e54fcf0b14", "status": "affected", "versionType": "git"}, {"version": "142639a52a01", "lessThan": "b4d25abf9720", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c"], "versions": [{"version": "5.9", "status": "affected"}, {"version": "0", "lessThan": "5.9", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.84", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.7", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/d646856a600e8635ba498f20b194219b158626e8"}, {"url": "https://git.kernel.org/stable/c/83e54fcf0b14ca2d869dd37abe1bb6542805f538"}, {"url": "https://git.kernel.org/stable/c/b4d25abf9720b69a03465b09d0d62d1998ed6708"}], "title": "drm/msm/a6xx: Allocate enough space for GMU registers", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:34:34.685290Z", "id": "CVE-2021-47535", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:34:55.686Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.827Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d646856a600e8635ba498f20b194219b158626e8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/83e54fcf0b14ca2d869dd37abe1bb6542805f538", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b4d25abf9720b69a03465b09d0d62d1998ed6708", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d646856a600e8635ba498f20b194219b158626e8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/83e54fcf0b14ca2d869dd37abe1bb6542805f538", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b4d25abf9720b69a03465b09d0d62d1998ed6708", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.827Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47535", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:34:34.685290Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:34:35.689Z"}}], "cna": {"title": "drm/msm/a6xx: Allocate enough space for GMU registers", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "142639a52a01", "lessThan": "d646856a600e", "versionType": "git"}, {"status": "affected", "version": "142639a52a01", "lessThan": "83e54fcf0b14", "versionType": "git"}, {"status": "affected", "version": "142639a52a01", "lessThan": "b4d25abf9720", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.9"}, {"status": "unaffected", "version": "0", "lessThan": "5.9", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.84", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.7", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/d646856a600e8635ba498f20b194219b158626e8"}, {"url": "https://git.kernel.org/stable/c/83e54fcf0b14ca2d869dd37abe1bb6542805f538"}, {"url": "https://git.kernel.org/stable/c/b4d25abf9720b69a03465b09d0d62d1998ed6708"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a6xx: Allocate enough space for GMU registers\n\nIn commit 142639a52a01 (\"drm/msm/a6xx: fix crashstate capture for\nA650\") we changed a6xx_get_gmu_registers() to read 3 sets of\nregisters. Unfortunately, we didn't change the memory allocation for\nthe array. That leads to a KASAN warning (this was on the chromeos-5.4\nkernel, which has the problematic commit backported to it):\n\n BUG: KASAN: slab-out-of-bounds in _a6xx_get_gmu_registers+0x144/0x430\n Write of size 8 at addr ffffff80c89432b0 by task A618-worker/209\n CPU: 5 PID: 209 Comm: A618-worker Tainted: G W 5.4.156-lockdep #22\n Hardware name: Google Lazor Limozeen without Touchscreen (rev5 - rev8) (DT)\n Call trace:\n dump_backtrace+0x0/0x248\n show_stack+0x20/0x2c\n dump_stack+0x128/0x1ec\n print_address_description+0x88/0x4a0\n __kasan_report+0xfc/0x120\n kasan_report+0x10/0x18\n __asan_report_store8_noabort+0x1c/0x24\n _a6xx_get_gmu_registers+0x144/0x430\n a6xx_gpu_state_get+0x330/0x25d4\n msm_gpu_crashstate_capture+0xa0/0x84c\n recover_worker+0x328/0x838\n kthread_worker_fn+0x32c/0x574\n kthread+0x2dc/0x39c\n ret_from_fork+0x10/0x18\n\n Allocated by task 209:\n __kasan_kmalloc+0xfc/0x1c4\n kasan_kmalloc+0xc/0x14\n kmem_cache_alloc_trace+0x1f0/0x2a0\n a6xx_gpu_state_get+0x164/0x25d4\n msm_gpu_crashstate_capture+0xa0/0x84c\n recover_worker+0x328/0x838\n kthread_worker_fn+0x32c/0x574\n kthread+0x2dc/0x39c\n ret_from_fork+0x10/0x18"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:07:48.679Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47535", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:07:48.679Z", "dateReserved": "2024-05-24T15:02:54.826Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-24T15:09:43.994Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a6xx: Allocate enough space for GMU registers\n\nIn commit 142639a52a01 (\"drm/msm/a6xx: fix crashstate capture for\nA650\") we changed a6xx_get_gmu_registers() to read 3 sets of\nregisters. Unfortunately, we didn't change the memory allocation for\nthe array. That leads to a KASAN warning (this was on the chromeos-5.4\nkernel, which has the problematic commit backported to it):\n\n BUG: KASAN: slab-out-of-bounds in _a6xx_get_gmu_registers+0x144/0x430\n Write of size 8 at addr ffffff80c89432b0 by task A618-worker/209\n CPU: 5 PID: 209 Comm: A618-worker Tainted: G W 5.4.156-lockdep #22\n Hardware name: Google Lazor Limozeen without Touchscreen (rev5 - rev8) (DT)\n Call trace:\n dump_backtrace+0x0/0x248\n show_stack+0x20/0x2c\n dump_stack+0x128/0x1ec\n print_address_description+0x88/0x4a0\n __kasan_report+0xfc/0x120\n kasan_report+0x10/0x18\n __asan_report_store8_noabort+0x1c/0x24\n _a6xx_get_gmu_registers+0x144/0x430\n a6xx_gpu_state_get+0x330/0x25d4\n msm_gpu_crashstate_capture+0xa0/0x84c\n recover_worker+0x328/0x838\n kthread_worker_fn+0x32c/0x574\n kthread+0x2dc/0x39c\n ret_from_fork+0x10/0x18\n\n Allocated by task 209:\n __kasan_kmalloc+0xfc/0x1c4\n kasan_kmalloc+0xc/0x14\n kmem_cache_alloc_trace+0x1f0/0x2a0\n a6xx_gpu_state_get+0x164/0x25d4\n msm_gpu_crashstate_capture+0xa0/0x84c\n recover_worker+0x328/0x838\n kthread_worker_fn+0x32c/0x574\n kthread+0x2dc/0x39c\n ret_from_fork+0x10/0x18"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/msm/a6xx: asigne suficiente espacio para los registros GMU. En el commit 142639a52a01 (\"drm/msm/a6xx: corrija la captura del estado de falla para A650\") cambiamos a6xx_get_gmu_registers() para que diga 3 conjuntos de registros. Desafortunadamente, no cambiamos la asignaci\u00f3n de memoria para la matriz. Eso conduce a una advertencia de KASAN (esto estaba en el kernel chromeos-5.4, que tiene el commit problem\u00e1tica respaldada): ERROR: KASAN: slab-out-of-bounds in _a6xx_get_gmu_registers+0x144/0x430 Escritura de tama\u00f1o 8 en addr ffffff80c89432b0 por tarea A618-worker/209 CPU: 5 PID: 209 Comm: A618-worker Contaminado: GW 5.4.156-lockdep #22 Nombre del hardware: Google Lazor Limozeen sin pantalla t\u00e1ctil (rev5 - rev8) (DT) Rastreo de llamadas: dump_backtrace+0x0 /0x248 show_stack+0x20/0x2c dump_stack+0x128/0x1ec print_address_description+0x88/0x4a0 __kasan_report+0xfc/0x120 kasan_report+0x10/0x18 __asan_report_store8_noabort+0x1c/0x24 _a6xx_get_gmu_registers +0x144/0x430 a6xx_gpu_state_get+0x330/0x25d4 msm_gpu_crashstate_capture+0xa0/0x84c recovery_worker+0x328 /0x838 kthread_worker_fn+0x32c/0x574 kthread+0x2dc/0x39c ret_from_fork+0x10/0x18 Asignado por la tarea 209: __kasan_kmalloc+0xfc/0x1c4 kasan_kmalloc+0xc/0x14 kmem_cache_alloc_trace+0x1f0/0x 2a0 a6xx_gpu_state_get+0x164/0x25d4 msm_gpu_crashstate_capture+0xa0/0x84c recovery_worker+0x328 /0x838 kthread_worker_fn+0x32c/0x574 kthread+0x2dc/0x39c ret_from_fork+0x10/0x18"}], "id": "CVE-2021-47535", "lastModified": "2024-05-24T18:09:20.027", "metrics": {}, "published": "2024-05-24T15:15:17.120", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/83e54fcf0b14ca2d869dd37abe1bb6542805f538"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b4d25abf9720b69a03465b09d0d62d1998ed6708"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d646856a600e8635ba498f20b194219b158626e8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/msm/a6xx: Allocate enough space for GMU registers", "id": "2283416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283416"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/msm/a6xx: Allocate enough space for GMU registers\nIn commit 142639a52a01 (\"drm/msm/a6xx: fix crashstate capture for\nA650\") we changed a6xx_get_gmu_registers() to read 3 sets of\nregisters. Unfortunately, we didn't change the memory allocation for\nthe array. That leads to a KASAN warning (this was on the chromeos-5.4\nkernel, which has the problematic commit backported to it):\nBUG: KASAN: slab-out-of-bounds in _a6xx_get_gmu_registers+0x144/0x430\nWrite of size 8 at addr ffffff80c89432b0 by task A618-worker/209\nCPU: 5 PID: 209 Comm: A618-worker Tainted: G W 5.4.156-lockdep #22\nHardware name: Google Lazor Limozeen without Touchscreen (rev5 - rev8) (DT)\nCall trace:\ndump_backtrace+0x0/0x248\nshow_stack+0x20/0x2c\ndump_stack+0x128/0x1ec\nprint_address_description+0x88/0x4a0\n__kasan_report+0xfc/0x120\nkasan_report+0x10/0x18\n__asan_report_store8_noabort+0x1c/0x24\n_a6xx_get_gmu_registers+0x144/0x430\na6xx_gpu_state_get+0x330/0x25d4\nmsm_gpu_crashstate_capture+0xa0/0x84c\nrecover_worker+0x328/0x838\nkthread_worker_fn+0x32c/0x574\nkthread+0x2dc/0x39c\nret_from_fork+0x10/0x18\nAllocated by task 209:\n__kasan_kmalloc+0xfc/0x1c4\nkasan_kmalloc+0xc/0x14\nkmem_cache_alloc_trace+0x1f0/0x2a0\na6xx_gpu_state_get+0x164/0x25d4\nmsm_gpu_crashstate_capture+0xa0/0x84c\nrecover_worker+0x328/0x838\nkthread_worker_fn+0x32c/0x574\nkthread+0x2dc/0x39c\nret_from_fork+0x10/0x18"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-47535", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47535\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47535\nhttps://lore.kernel.org/linux-cve-announce/2024052437-CVE-2021-47535-41d3@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as the vulnerability in question does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.84, kernel 5.15.7, kernel 5.16"}