CVE-2021-47200 – This is a use-after-free vulnerability in the L... (How to Fix)

Q: What is the severity of CVE-2021-47200?

CVE-2021-47200 has a CVSS score of 7.8 (HIGH). This is a use-after-free vulnerability in the Linux kernel's Direct Rendering Manager (DRM) subsystem that allows local attackers to potentially escalate privileges or crash the system. The vulnerability occurs when mmap operations on graphics memory objects incorrectly handle reference counting, leading to memory corruption. Any system running an affected Linux kernel version with DRM/prime functionality enabled is vulnerable.

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's Direct Rendering Manager (DRM) subsystem that allows local attackers to potentially escalate privileges or crash the system. The vulnerability occurs when mmap operations on graphics memory objects incorrectly handle reference counting, leading to memory corruption. Any system running an affected Linux kernel version with DRM/prime functionality enabled is vulnerable.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions with the vulnerable commit 9786b65bc61ac ("drm/ttm: fix mmap refcounting") up to the fix commits. Specifically affects versions where drm_gem_ttm_mmap() was introduced without proper reference handling.

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires DRM/prime functionality enabled (common in systems with graphics hardware). Systems without graphics hardware or with DRM disabled may not be vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, kernel panic leading to denial of service, or arbitrary code execution in kernel context.

🟠

Likely Case

Kernel crash/panic causing system instability or denial of service, potentially allowing privilege escalation in specific configurations.

🟢

If Mitigated

Limited impact due to SELinux/AppArmor restrictions, container isolation, or lack of local access.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system.

🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and knowledge of kernel memory layout. The vulnerability is in a specific graphics subsystem path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits 4f8e469a2384dfa4047145b0093126462cbb6dc0 and 8244a3bc27b3efd057da154b8d7e414670d5044f

Vendor Advisory: https://git.kernel.org/stable/c/4f8e469a2384dfa4047145b0093126462cbb6dc0

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits. 2. Check your distribution's security advisories for patched kernel packages. 3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Disable DRM/prime functionality

linux

Disable the affected graphics subsystem if not needed

echo "blacklist drm" > /etc/modprobe.d/disable-drm.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

Restrict local user access and implement strict privilege separation
Enable kernel security features like SELinux/AppArmor to limit impact

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if it contains the vulnerable commit: uname -r and examine kernel source or distribution security advisories

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to one containing fix commits, or test mmap operations on DRM objects

📡 Detection & Monitoring

Log Indicators:

Kernel oops/panic messages related to drm_gem_ttm_mmap
System crashes during graphics operations
Unexpected process termination with memory corruption errors

Network Indicators:

None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("drm_gem_ttm_mmap" OR "use-after-free" OR "kernel panic")

📊 Metadata

CVE ID: CVE-2021-47200

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: April 10, 2024

Last Updated: January 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47200, you might also want to check these: