CVE-2021-47338: fbmem: Do not delete the mode that is still in use

Published May 21, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

fbmem: Do not delete the mode that is still in use

The execution of fbdeletevideomode() is not based on the result of the previous fbconmodedeleted(). As a result, the mode is directly deleted, regardless of whether it is still in use, which may cause UAF.

================================================================== BUG: KASAN: use-after-free in fbmodeisequal+0x36e/0x5e0 \ drivers/video/fbdev/core/modedb.c:924 Read of size 4 at addr ffff88807e0ddb1c by task syz-executor.0/18962

CPU: 2 PID: 18962 Comm: syz-executor.0 Not tainted 5.10.45-rc1+ #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ... Call Trace: dumpstack lib/dumpstack.c:77 [inline] dumpstack+0x137/0x1be lib/dumpstack.c:118 printaddressdescription+0x6c/0x640 mm/kasan/report.c:385 kasanreport mm/kasan/report.c:545 [inline] kasanreport+0x13d/0x1e0 mm/kasan/report.c:562 fbmodeisequal+0x36e/0x5e0 drivers/video/fbdev/core/modedb.c:924 fbconmodedeleted+0x16a/0x220 drivers/video/fbdev/core/fbcon.c:2746 fbsetvar+0x1e1/0xdb0 drivers/video/fbdev/core/fbmem.c:975 dofbioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108 vfsioctl fs/ioctl.c:48 [inline] dosysioctl fs/ioctl.c:753 [inline] sesysioctl+0xfb/0x170 fs/ioctl.c:739 dosyscall64+0x2d/0x70 arch/x86/entry/common.c:46 entrySYSCALL64afterhwframe+0x44/0xa9

Freed by task 18960: kasansavestack mm/kasan/common.c:48 [inline] kasansettrack+0x3d/0x70 mm/kasan/common.c:56 kasansetfreeinfo+0x17/0x30 mm/kasan/generic.c:355 kasanslabfree+0x108/0x140 mm/kasan/common.c:422 slabfreehook mm/slub.c:1541 [inline] slabfreefreelisthook+0xd6/0x1a0 mm/slub.c:1574 slabfree mm/slub.c:3139 [inline] kfree+0xca/0x3d0 mm/slub.c:4121 fbdeletevideomode+0x56a/0x820 drivers/video/fbdev/core/modedb.c:1104 fbsetvar+0x1f3/0xdb0 drivers/video/fbdev/core/fbmem.c:978 dofbioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108 vfsioctl fs/ioctl.c:48 [inline] dosysioctl fs/ioctl.c:753 [inline] sesysioctl+0xfb/0x170 fs/ioctl.c:739 dosyscall64+0x2d/0x70 arch/x86/entry/common.c:46 entrySYSCALL64afterhwframe+0x44/0xa9

Other sources

In the Linux kernel, the following vulnerability has been resolved:

fbmem: Do not delete the mode that is still in use

The Linux kernel CVE team has assigned CVE-2021-47338 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052137-CVE-2021-47338-cd10@gregkh/T

Red Hat

Affected Software

14 affected componentsFixes available
redhat/kernel<5.4.134
5.4.134
redhat/kernel<5.10.52
5.10.52
redhat/kernel<5.12.19
5.12.19
redhat/kernel<5.13.4
5.13.4
redhat/kernel<5.14
5.14
Linux Linux kernel>=5.3<5.4.134
Linux Linux kernel>=5.5<5.10.52
Linux Linux kernel>=5.11<5.12.19
Linux Linux kernel>=5.13<5.13.4
Linux Linux kernel=5.14-rc1
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2

Remediation

Patch Available

https://git.kernel.org/stable/c/087bff9acd2ec6db3f61aceb3224bde90fe0f7f8

Patch Available

https://git.kernel.org/stable/c/0af778269a522c988ef0b4188556aba97fb420cc

Patch Available

https://git.kernel.org/stable/c/359311b85ebec7c07c3a08ae2f3def946cad33fa

Patch Available

https://git.kernel.org/stable/c/d6e76469157d8f240e5dec6f8411aa8d306b1126

Patch Available

https://git.kernel.org/stable/c/f193509afc7ff37a46862610c93b896044d5b693

Event History

May 21, 2024
CVE Published
via MITRE·02:35 PM
Data Sourced
via MITRE·02:35 PM
Description
May 22, 2024
Data Sourced
via Red Hat·11:34 AM
DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2021-47338?

CVE-2021-47338 has been assigned a medium severity rating due to its potential impact on system stability.

2

How do I fix CVE-2021-47338?

To fix CVE-2021-47338, upgrade the Linux kernel to versions 5.4.134, 5.10.52, 5.12.19, 5.13.4, or 5.14.

3

Which versions of Linux are affected by CVE-2021-47338?

CVE-2021-47338 affects Linux kernel versions prior to 5.4.134, 5.10.52, 5.12.19, 5.13.4, and 5.14.

4

What is the nature of the vulnerability in CVE-2021-47338?

The vulnerability in CVE-2021-47338 relates to improper handling of video modes in the framebuffer subsystem.

5

Is there a known exploit for CVE-2021-47338?

As of now, there are no reported public exploits specifically targeting CVE-2021-47338.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203