{"id":"CVE-2021-47280","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Fix use-after-free read in drm_getunique()\n\nThere is a time-of-check-to-time-of-use error in drm_getunique() due\nto retrieving file_priv-\u003emaster prior to locking the device's master\nmutex.\n\nAn example can be seen in the crash report of the use-after-free error\nfound by Syzbot:\nhttps://syzkaller.appspot.com/bug?id=148d2f1dfac64af52ffd27b661981a540724f803\n\nIn the report, the master pointer was used after being freed. This is\nbecause another process had acquired the device's master mutex in\ndrm_setmaster_ioctl(), then overwrote fpriv-\u003emaster in\ndrm_new_set_master(). The old value of fpriv-\u003emaster was subsequently\nfreed before the mutex was unlocked.\n\nTo fix this, we lock the device's master mutex before retrieving the\npointer from from fpriv-\u003emaster. This patch passes the Syzbot\nreproducer test.","modified":"2026-03-13T05:19:25.396856Z","published":"2024-05-21T15:15:16.277Z","related":["SUSE-SU-2024:1979-1","SUSE-SU-2024:1983-1","SUSE-SU-2024:2010-1","SUSE-SU-2024:2183-1","SUSE-SU-2024:2184-1","SUSE-SU-2024:2185-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/17dab9326ff263c62dab1dbac4492e2938a049e4"},{"type":"FIX","url":"https://git.kernel.org/stable/c/491d52e0078860b33b6c14f0a7ac74ca1b603bd6"},{"type":"FIX","url":"https://git.kernel.org/stable/c/7d233ba700ceb593905ea82b42dadb4ec8ef85e9"},{"type":"FIX","url":"https://git.kernel.org/stable/c/b246b4c70c1250e7814f409b243000f9c0bf79a3"},{"type":"FIX","url":"https://git.kernel.org/stable/c/b436acd1cf7fac0ba987abd22955d98025c80c2b"},{"type":"FIX","url":"https://git.kernel.org/stable/c/f773f8cccac13c7e7bbd9182e7996c727742488e"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.14.237"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.195"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.126"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.44"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.12.11"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc5"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47280.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}