#VU104766 Improper error handling in Linux kernel - CVE-2021-47657

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104766

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47657

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the virtio_gpu_array_put_free() function in drivers/gpu/drm/virtio/virtgpu_gem.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/6b79f96f4a23846516e5e6e4dd37fc06f43a60dd
https://git.kernel.org/stable/c/abc9ad36df16e27ac1c665085157f1a082d39bac
https://git.kernel.org/stable/c/ac92b474eeeed75b8660374ba1d129a121c09da8
https://git.kernel.org/stable/c/b094fece3810c71ceee6f0921676cb65d4e68c5a

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper error handling in Linux kernel drm virtio driver