CVE-2021-47142 in Linux
Summary
by MITRE • 03/25/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix a use-after-free
looks like we forget to set ttm->sg to NULL. Hit panic below
[ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI
[ 1235.989074] Call Trace:
[ 1235.991751] sg_free_table+0x17/0x20
[ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu]
[ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu]
[ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm]
[ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm]
[ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm]
[ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm]
[ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu]
[ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu]
[ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu]
[ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]
Analysis
by VulDB Data Team • 11/23/2025
The vulnerability CVE-2021-47142 represents a critical use-after-free condition within the Linux kernel's amdgpu driver subsystem, specifically affecting the graphics processing unit memory management components. This flaw manifests in the drm/amdgpu module where a pointer reference becomes invalid after the associated memory has been freed, creating a potential avenue for system instability and arbitrary code execution. The issue stems from a missing null pointer assignment during the memory cleanup process, where the ttm->sg field is not properly set to NULL, leaving dangling references that can be accessed after deallocation.
The technical implementation of this vulnerability occurs within the ttm (Translation Table Manager) subsystem, which handles memory management for graphics hardware. When the amdgpu driver processes memory allocation and deallocation operations, particularly during the destruction of TTM backends, the sg (scatter-gather) table reference remains pointing to freed memory locations. This condition triggers a general protection fault when the system attempts to access the freed memory region, as evidenced by the kernel panic output showing address 0x6b6b6b6b6b6b7b4b, which represents the typical pattern left by freed kernel memory. The call trace demonstrates a clear path through the memory management stack where sg_free_table attempts to process a stale scatter-gather table reference, leading to system termination.
The operational impact of this vulnerability extends beyond simple system crashes, as it creates potential security risks for systems running affected kernel versions. Attackers could potentially exploit this use-after-free condition to execute arbitrary code with kernel privileges, especially in environments where graphics processing is heavily utilized such as servers, workstations, or embedded systems. The vulnerability affects systems using AMD graphics hardware with the amdgpu driver, particularly when memory-intensive graphics operations are performed, making it relevant to gaming platforms, professional graphics workstations, and data center environments that rely on GPU acceleration. The condition is particularly dangerous because it occurs during normal graphics memory management operations, making detection difficult and exploitation potentially reliable.
Mitigation strategies for CVE-2021-47142 primarily involve applying the official kernel patch that ensures proper nullification of the ttm->sg pointer during memory cleanup operations. System administrators should prioritize updating to kernel versions containing the fix, typically kernel versions 5.12 or later where the vulnerability has been resolved. Additionally, organizations should implement monitoring for unusual system behavior or kernel panics that might indicate exploitation attempts. The fix aligns with CWE-416, which addresses use-after-free vulnerabilities, and follows security best practices outlined in the ATT&CK framework under T1059 for system execution and T1068 for exploit development. Regular kernel updates and security audits should be maintained to prevent similar vulnerabilities from arising in the graphics driver subsystem, particularly given the complex memory management operations involved in GPU resource handling.
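As an added example (not part of the MITRE or VulDB text), the monitoring suggested above can be made concrete with a small triage script that reads kernel log text, flags general protection faults whose address still carries the 0x6b freed-memory pattern, and checks whether sg_free_table and amdgpu frames appear in the trace. The function name triage and the result field names are assumptions made for this sketch; the 0x6b pattern is only written on kernels with slab poisoning enabled, so an unpatched production kernel may fault on a different address.

```python
import re

# POISON_FREE (include/linux/poison.h): byte written into freed slab objects,
# but only when slab poisoning / debugging is enabled on the running kernel.
POISON_FREE = 0x6B

# Lines copied from the panic quoted in the summary on this page (abbreviated).
SAMPLE = """\
[ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI
[ 1235.989074] Call Trace:
[ 1235.991751] sg_free_table+0x17/0x20
[ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu]
[ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu]
[ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm]
"""

GPF = re.compile(r"general protection fault.*non-canonical address (0x[0-9a-f]{16})")
FRAME = re.compile(r"\]\s+\??\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")
POISON_PTR = int.from_bytes(bytes([POISON_FREE]) * 8, "big")


def triage(log):
    """Return one finding (dict) per general protection fault found in `log`."""
    findings, current = [], None
    for line in log.splitlines():
        m = GPF.search(line)
        if m:
            addr = int(m.group(1), 16)
            # Upper bytes still equal to the poison byte mean the faulting
            # pointer was itself loaded from an already-freed object; the
            # remainder is the field offset added to that stale pointer.
            poisoned = all(b == POISON_FREE for b in addr.to_bytes(8, "big")[:4])
            current = {"address": hex(addr), "poisoned": poisoned,
                       "offset": addr - POISON_PTR, "frames": []}
            findings.append(current)
            continue
        m = FRAME.search(line)
        if m and current is not None:
            # Frames without a [module] suffix belong to the core kernel image.
            current["frames"].append((m.group(1), m.group(2) or "vmlinux"))
    for f in findings:
        funcs = {fn for fn, _ in f["frames"]}
        mods = {mod for _, mod in f["frames"]}
        f["amdgpu_ttm_uaf_suspect"] = (
            f["poisoned"] and "amdgpu" in mods and "sg_free_table" in funcs)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the quoted panic the script reports an offset of 0xfe0 from the all-0x6b value, which is consistent with a pointer read out of a freed object and then dereferenced at a field offset.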