CVE-2021-47657

MEDIUM

Linux Kernel 5.11.20-5.12 - NULL Pointer Dereference in virtio_gpu_array_put_free

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() If virtio_gpu_object_shmem_init() fails (e.g. due to fault injection, as it happened in the bug report by syzbot), virtio_gpu_array_put_free() could be called with objs equal to NULL. Ensure that objs is not NULL in virtio_gpu_array_put_free(), or otherwise return from the function.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/b094fece3810c71ceee6f0921676cb65d4e68c5a

Patch

https://git.kernel.org/stable/c/ac92b474eeeed75b8660374ba1d129a121c09da8

Patch

https://git.kernel.org/stable/c/abc9ad36df16e27ac1c665085157f1a082d39bac

Patch

https://git.kernel.org/stable/c/6b79f96f4a23846516e5e6e4dd37fc06f43a60dd

Scores

CVSS v3 5.5

EPSS 0.0026

EPSS Percentile 16.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (15)

Linux/Linux < 5.13

Linux/Linux 1016c0f62f73d5d2c3a5d1ad1e1fb0cdce1993ae

Linux/Linux 244dbb4abe123779ec30e7c6ca283a681aba5c94

Linux/Linux 377f8331d0565e6f71ba081c894029a92d0c7e77 - 6b79f96f4a23846516e5e6e4dd37fc06f43a60dd

Linux/Linux 377f8331d0565e6f71ba081c894029a92d0c7e77 - abc9ad36df16e27ac1c665085157f1a082d39bac

Linux/Linux 377f8331d0565e6f71ba081c894029a92d0c7e77 - ac92b474eeeed75b8660374ba1d129a121c09da8

Linux/Linux 377f8331d0565e6f71ba081c894029a92d0c7e77 - b094fece3810c71ceee6f0921676cb65d4e68c5a

Linux/Linux 5.11.20 - 5.12

Linux/Linux 5.12.3 - 5.13

Linux/Linux 5.13

... and 5 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026