CVE-2021-47659

In the Linux kernel, the following vulnerability has been resolved:

drm/plane: Move range check for format_count earlier

While the check for format_count > 64 in __drm_universal_plane_init()
shouldn't be hit (it's a WARN_ON), in its current position it will then
leak the plane->format_types array and fail to call
drm_mode_object_unregister() leaking the modeset identifier. Move it to
the start of the function to avoid allocating those resources in the
first place.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
VendorProductVersion
linuxlinux_kernel
4.14 ≤
𝑥
< 4.19.247
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.198
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.121
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.46
linuxlinux_kernel
5.16 ≤
𝑥
< 5.17.14
linuxlinux_kernel
5.18 ≤
𝑥
< 5.18.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
References
https://git.kernel.org/stable/c/1e29d829ad51d1472dd035487953a6724b56fc33
https://git.kernel.org/stable/c/4ab7e453a3ee88c274cf97bee9487ab92a66d313
https://git.kernel.org/stable/c/4b674dd69701c2e22e8e7770c1706a69f3b17269
https://git.kernel.org/stable/c/787163d19bc3cdc6ca4b96223f62208534d1cf6b
https://git.kernel.org/stable/c/978e3d023256bfaf34a0033d40c94e8a8e70cf3c
https://git.kernel.org/stable/c/ad6dd7a2bac86118985c7b3426e175b9d3c1ec4f
https://git.kernel.org/stable/c/b5cd108143513e4498027b96ec4710702d186f11