CVE-2021-20292

CVSS v3.1 6.7 (Medium)

CVSS v2.0 7.2 (High)

EPSS 0.04 % (13^th)

Affected Products 4

Advisories 14

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2021-05-28 11:15:08
(3 years ago)
Updated Date: 2023-07-28 19:35:59
(13 months ago)

Affected Products

Configuration #1

	CPE23	From	Up To
Linux Kernel from 3.3 version and prior 4.9.298 version	cpe:2.3:o:linux:linux_kernel	>= 3.3	< 4.9.298
Linux Kernel from 4.10 version and prior 4.14.263 version	cpe:2.3:o:linux:linux_kernel	>= 4.10	< 4.14.263
Linux Kernel from 4.15 version and prior 4.19.140 version	cpe:2.3:o:linux:linux_kernel	>= 4.15	< 4.19.140
Linux Kernel from 4.20 version and prior 5.4.59 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 5.4.59
Linux Kernel from 5.5 version and prior 5.7.16 version	cpe:2.3:o:linux:linux_kernel	>= 5.5	< 5.7.16
Linux Kernel from 5.8 version and prior 5.8.2 version	cpe:2.3:o:linux:linux_kernel	>= 5.8	< 5.8.2

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 33	cpe:2.3:o:fedoraproject:fedora:33

Configuration #3

		CPE23	From	Up To
	Redhat Enterprise Linux 6.0	cpe:2.3:o:redhat:enterprise_linux:6.0
	Redhat Enterprise Linux 7.0	cpe:2.3:o:redhat:enterprise_linux:7.0

Configuration #4

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Weaknesses

Affected Products

Debian

Fedoraproject

Linux

Redhat

Configuration #1

Configuration #2

Configuration #3

Configuration #4