Improper error handling in Linux kernel msm adreno driver

1) Improper error handling

EUVDB-ID: #VU90931

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47447

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the a3xx_gpu_init() function in drivers/gpu/drm/msm/adreno/a3xx_gpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.14 - 5.15 rc7

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:5.14:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.14:rc1:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.14:rc2:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.14:rc3:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.14:rc4:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.14:rc7:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.14.0-49.el9:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.14.1:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.14.2:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:5.14.3:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/d59e44e7821a8f2bb6f2e846b9167397a5f01608
https://git.kernel.org/stable/c/3eda901995371d390ef82d0b6462f4ea8efbcfdf
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.14
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.