{
  "threat_severity" : "Moderate",
  "public_date" : "2024-05-21T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: fbmem: Do not delete the mode that is still in use",
    "id" : "2282422",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2282422"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nfbmem: Do not delete the mode that is still in use\nThe execution of fb_delete_videomode() is not based on the result of the\nprevious fbcon_mode_deleted(). As a result, the mode is directly deleted,\nregardless of whether it is still in use, which may cause UAF.\n==================================================================\nBUG: KASAN: use-after-free in fb_mode_is_equal+0x36e/0x5e0 \\\ndrivers/video/fbdev/core/modedb.c:924\nRead of size 4 at addr ffff88807e0ddb1c by task syz-executor.0/18962\nCPU: 2 PID: 18962 Comm: syz-executor.0 Not tainted 5.10.45-rc1+ #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ...\nCall Trace:\n__dump_stack lib/dump_stack.c:77 [inline]\ndump_stack+0x137/0x1be lib/dump_stack.c:118\nprint_address_description+0x6c/0x640 mm/kasan/report.c:385\n__kasan_report mm/kasan/report.c:545 [inline]\nkasan_report+0x13d/0x1e0 mm/kasan/report.c:562\nfb_mode_is_equal+0x36e/0x5e0 drivers/video/fbdev/core/modedb.c:924\nfbcon_mode_deleted+0x16a/0x220 drivers/video/fbdev/core/fbcon.c:2746\nfb_set_var+0x1e1/0xdb0 drivers/video/fbdev/core/fbmem.c:975\ndo_fb_ioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108\nvfs_ioctl fs/ioctl.c:48 [inline]\n__do_sys_ioctl fs/ioctl.c:753 [inline]\n__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739\ndo_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46\nentry_SYSCALL_64_after_hwframe+0x44/0xa9\nFreed by task 18960:\nkasan_save_stack mm/kasan/common.c:48 [inline]\nkasan_set_track+0x3d/0x70 mm/kasan/common.c:56\nkasan_set_free_info+0x17/0x30 mm/kasan/generic.c:355\n__kasan_slab_free+0x108/0x140 mm/kasan/common.c:422\nslab_free_hook mm/slub.c:1541 [inline]\nslab_free_freelist_hook+0xd6/0x1a0 mm/slub.c:1574\nslab_free mm/slub.c:3139 [inline]\nkfree+0xca/0x3d0 mm/slub.c:4121\nfb_delete_videomode+0x56a/0x820 drivers/video/fbdev/core/modedb.c:1104\nfb_set_var+0x1f3/0xdb0 drivers/video/fbdev/core/fbmem.c:978\ndo_fb_ioctl+0x4d9/0x6e0 drivers/video/fbdev/core/fbmem.c:1108\nvfs_ioctl fs/ioctl.c:48 [inline]\n__do_sys_ioctl fs/ioctl.c:753 [inline]\n__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739\ndo_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46\nentry_SYSCALL_64_after_hwframe+0x44/0xa9", "A vulnerability was found in the Linux kernel's fbmem subsystem. This issue arises when the system attempts to delete a video mode that is still in use, leading to potential use-after-free errors. This improper handling can result in system crashes or undefined behavior when accessing freed memory." ],
  "statement" : "This vulnerability is rated as a moderate severity because this issue affects system reliability by potentially causing errors when video modes are incorrectly managed, but it does not compromise the system's overall security posture or data integrity.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:7001",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:7000",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.22.1.el8_10"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-47338\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47338\nhttps://lore.kernel.org/linux-cve-announce/2024052137-CVE-2021-47338-cd10@gregkh/T" ],
  "name" : "CVE-2021-47338",
  "mitigation" : {
    "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
    "lang" : "en:us"
  },
  "csaw" : false
}