{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2021-47280","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T13:27:52.128Z","datePublished":"2024-05-21T14:20:06.852Z","dateUpdated":"2025-12-18T11:36:26.671Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-12-18T11:36:26.671Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Fix use-after-free read in drm_getunique()\n\nThere is a time-of-check-to-time-of-use error in drm_getunique() due\nto retrieving file_priv->master prior to locking the device's master\nmutex.\n\nAn example can be seen in the crash report of the use-after-free error\nfound by Syzbot:\nhttps://syzkaller.appspot.com/bug?id=148d2f1dfac64af52ffd27b661981a540724f803\n\nIn the report, the master pointer was used after being freed. This is\nbecause another process had acquired the device's master mutex in\ndrm_setmaster_ioctl(), then overwrote fpriv->master in\ndrm_new_set_master(). The old value of fpriv->master was subsequently\nfreed before the mutex was unlocked.\n\nTo fix this, we lock the device's master mutex before retrieving the\npointer from from fpriv->master. This patch passes the Syzbot\nreproducer test."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/drm_ioctl.c"],"versions":[{"version":"5acc614ac47465fee6375a9af4740f618830762d","lessThan":"17dab9326ff263c62dab1dbac4492e2938a049e4","status":"affected","versionType":"git"},{"version":"5acc614ac47465fee6375a9af4740f618830762d","lessThan":"7d233ba700ceb593905ea82b42dadb4ec8ef85e9","status":"affected","versionType":"git"},{"version":"5acc614ac47465fee6375a9af4740f618830762d","lessThan":"b246b4c70c1250e7814f409b243000f9c0bf79a3","status":"affected","versionType":"git"},{"version":"5acc614ac47465fee6375a9af4740f618830762d","lessThan":"491d52e0078860b33b6c14f0a7ac74ca1b603bd6","status":"affected","versionType":"git"},{"version":"5acc614ac47465fee6375a9af4740f618830762d","lessThan":"f773f8cccac13c7e7bbd9182e7996c727742488e","status":"affected","versionType":"git"},{"version":"5acc614ac47465fee6375a9af4740f618830762d","lessThan":"b436acd1cf7fac0ba987abd22955d98025c80c2b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/drm_ioctl.c"],"versions":[{"version":"4.11","status":"affected"},{"version":"0","lessThan":"4.11","status":"unaffected","versionType":"semver"},{"version":"4.14.237","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.195","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.126","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.44","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.12.11","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"4.14.237"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"4.19.195"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.4.126"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.10.44"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.12.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/17dab9326ff263c62dab1dbac4492e2938a049e4"},{"url":"https://git.kernel.org/stable/c/7d233ba700ceb593905ea82b42dadb4ec8ef85e9"},{"url":"https://git.kernel.org/stable/c/b246b4c70c1250e7814f409b243000f9c0bf79a3"},{"url":"https://git.kernel.org/stable/c/491d52e0078860b33b6c14f0a7ac74ca1b603bd6"},{"url":"https://git.kernel.org/stable/c/f773f8cccac13c7e7bbd9182e7996c727742488e"},{"url":"https://git.kernel.org/stable/c/b436acd1cf7fac0ba987abd22955d98025c80c2b"}],"title":"drm: Fix use-after-free read in drm_getunique()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:32:08.124Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/17dab9326ff263c62dab1dbac4492e2938a049e4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7d233ba700ceb593905ea82b42dadb4ec8ef85e9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b246b4c70c1250e7814f409b243000f9c0bf79a3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/491d52e0078860b33b6c14f0a7ac74ca1b603bd6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f773f8cccac13c7e7bbd9182e7996c727742488e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b436acd1cf7fac0ba987abd22955d98025c80c2b","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47280","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:39:32.193453Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:10.272Z"}}]}}