{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T18:46:00.811","vulnerabilities":[{"cve":{"id":"CVE-2021-47200","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-04-10T19:15:48.077","lastModified":"2025-01-07T17:12:06.773","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm\/prime: Fix use after free in mmap with drm_gem_ttm_mmap\n\ndrm_gem_ttm_mmap() drops a reference to the gem object on success. If\nthe gem object's refcount == 1 on entry to drm_gem_prime_mmap(), that\ndrop will free the gem object, and the subsequent drm_gem_object_get()\nwill be a UAF. Fix by grabbing a reference before calling the mmap\nhelper.\n\nThis issue was forseen when the reference dropping was adding in\ncommit 9786b65bc61ac (\"drm\/ttm: fix mmap refcounting\"):\n  \"For that to work properly the drm_gem_object_get() call in\n  drm_gem_ttm_mmap() must be moved so it happens before calling\n  obj->funcs->mmap(), otherwise the gem refcount would go down\n  to zero.\""},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm\/prime: Arreglar el use-after-free en mmap con drm_gem_ttm_mmap drm_gem_ttm_mmap() elimina una referencia al objeto gema en caso de éxito. Si el refcount del objeto gema == 1 en la entrada a drm_gem_prime_mmap(), esa eliminación liberará el objeto gema y el drm_gem_object_get() posterior será un UAF. Se soluciona tomando una referencia antes de llamar al ayudante mmap. Este problema se previó cuando se agregó la eliminación de referencia en el commit 9786b65bc61ac (\"drm\/ttm: corregir el recuento de referencias mmap\"): \"Para que eso funcione correctamente, la llamada drm_gem_object_get() en drm_gem_ttm_mmap() debe moverse para que suceda antes de llamar a obj->funcs->mmap(), de lo contrario, el recuento de referencias de la gema bajaría a cero\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.15.5","matchCriteriaId":"24C2E67E-369B-4DC4-89C9-101DE1BAA919"}]}]}],"references":[{"url":"https:\/\/git.kernel.org\/stable\/c\/4f8e469a2384dfa4047145b0093126462cbb6dc0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/8244a3bc27b3efd057da154b8d7e414670d5044f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/4f8e469a2384dfa4047145b0093126462cbb6dc0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/8244a3bc27b3efd057da154b8d7e414670d5044f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}