{"id":"CVE-2021-20292","details":"A flaw was reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem. The issue results from a failure to validate the existence of an object prior to performing operations on the object. An attacker with a local account with root privileges can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.","aliases":["A-189986136","PUB-A-189986136"],"modified":"2026-03-13T00:47:36.308023Z","published":"2021-05-28T11:15:08.130Z","related":["SUSE-SU-2022:1651-1","SUSE-SU-2022:1668-1","SUSE-SU-2022:1669-1","SUSE-SU-2022:1676-1","SUSE-SU-2022:1686-1","SUSE-SU-2022:1687-1","SUSE-SU-2022:2077-1","SUSE-SU-2022:2082-1","SUSE-SU-2022:2083-1","SUSE-SU-2022:2103-1","SUSE-SU-2022:2111-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939686"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.3"},{"fixed":"4.9.298"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.263"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.140"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.59"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.7.16"}]},{"events":[{"introduced":"5.8"},{"fixed":"5.8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20292.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}