Linux Kernel up to 5.10.50/5.12.17/5.13.2 AMD Display initialization

Summaryinfo

A vulnerability was found in Linux Kernel up to 5.10.50/5.12.17/5.13.2. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component AMD Display. Performing a manipulation results in initialization. This vulnerability was named CVE-2021-47348. There is no available exploit. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.10.50/5.12.17/5.13.2. This affects an unknown code block of the component AMD Display. The manipulation with an unknown input leads to a initialization vulnerability. CWE is classifying the issue as CWE-665. The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. The impact remains unknown. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so instead use an appropriately sized and zero-initialized bounce buffer, and read only 5 bytes before casting to u64.

It is possible to read the advisory at git.kernel.org. This vulnerability is uniquely identified as CVE-2021-47348 since 05/21/2024. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 5.10.51, 5.12.18 or 5.13.3 eliminates this vulnerability. Applying the patch c5b518f4b98d/44c7c901cb36/3b2b93a485fb/06888d571b51 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.10.0
• 5.10.1
• 5.10.2
• 5.10.3
• 5.10.4
• 5.10.5
• 5.10.6
• 5.10.7
• 5.10.8
• 5.10.9
• 5.10.10
• 5.10.11
• 5.10.12
• 5.10.13
• 5.10.14
• 5.10.15
• 5.10.16
• 5.10.17
• 5.10.18
• 5.10.19
• 5.10.20
• 5.10.21
• 5.10.22
• 5.10.23
• 5.10.24
• 5.10.25
• 5.10.26
• 5.10.27
• 5.10.28
• 5.10.29
• 5.10.30
• 5.10.31
• 5.10.32
• 5.10.33
• 5.10.34
• 5.10.35
• 5.10.36
• 5.10.37
• 5.10.38
• 5.10.39
• 5.10.40
• 5.10.41
• 5.10.42
• 5.10.43
• 5.10.44
• 5.10.45
• 5.10.46
• 5.10.47
• 5.10.48
• 5.10.49
• 5.10.50
• 5.12.0
• 5.12.1
• 5.12.2
• 5.12.3
• 5.12.4
• 5.12.5
• 5.12.6
• 5.12.7
• 5.12.8
• 5.12.9
• 5.12.10
• 5.12.11
• 5.12.12
• 5.12.13
• 5.12.14
• 5.12.15
• 5.12.16
• 5.12.17
• 5.13.0
• 5.13.1
• 5.13.2

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion