CVE-2021-47534 in Linux
Summary
by MITRE • 05/24/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: kms: Add missing drm_crtc_commit_put
Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a global state for the HVS, with each FIFO storing the current CRTC commit so that we can properly synchronize commits.
However, the refcounting was off and we thus ended up leaking the drm_crtc_commit structure every commit. Add a drm_crtc_commit_put to prevent the leakage.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 11/08/2024
The vulnerability identified as CVE-2021-47534 resides within the Linux kernel's graphics subsystem, specifically affecting the vc4 display driver component that manages the Hardware Video Scaler for the VideoCore IV processor. This issue manifests as a memory leak within the Direct Rendering Manager (DRM) framework's KMS (Kernel Mode Setting) implementation, where the drm_crtc_commit structure fails to be properly released during display commit operations. The flaw was introduced through commit 9ec03d7f1ed3 which implemented a global state mechanism for the HVS to synchronize commits across different FIFOs, but the refcounting logic became inconsistent, leading to resource management failures.
The technical root cause of this vulnerability stems from improper reference counting within the DRM CRTC (Cathode Ray Tube Controller) commit management system. When the HVS global state was introduced to coordinate commits between different FIFO users, the developers inadvertently created a scenario where each drm_crtc_commit structure was acquired but never properly released. This represents a classic memory leak pattern where allocated kernel memory structures are not returned to the system, leading to gradual resource exhaustion over time. The vulnerability specifically affects the vc4 driver's KMS implementation and operates at the kernel level where memory management is critical for system stability and security.
The operational impact of this memory leak extends beyond simple resource consumption, as it can lead to progressive system degradation and potential denial of service conditions. While the immediate effect may appear benign, the cumulative nature of the leak means that systems running graphics-intensive workloads or those with frequent display commits will experience increasing memory pressure. The vulnerability is particularly concerning in embedded systems or devices where memory resources are constrained, as the gradual consumption of kernel memory can eventually lead to system instability or complete system crashes. From a security perspective, this leak could potentially be exploited in combination with other vulnerabilities to create more severe attack vectors, though the direct security implications remain primarily related to resource exhaustion rather than arbitrary code execution.
Mitigation strategies for CVE-2021-47534 involve applying the official kernel patch that adds the missing drm_crtc_commit_put call to properly release the reference count on the commit structure. System administrators should prioritize updating to kernel versions that contain this fix, particularly in production environments where graphics performance and stability are critical. The fix aligns with CWE-401, which specifically addresses improper release of memory, and follows ATT&CK technique T1499.004 for resource exhaustion attacks. Organizations should also implement monitoring for unusual memory consumption patterns in graphics subsystems, as this type of leak can serve as an indicator of other underlying issues. Regular kernel updates and security patch management processes should be maintained to prevent similar issues from arising in other subsystems, as proper reference counting and resource management remain fundamental requirements for kernel stability and security.