Wiz
Vulnerability DatabaseCVE-2021-47658

CVE-2021-47658
Linux Debian vulnerability analysis and mitigation

Overview

CVE-2021-47658 affects the Linux kernel's AMD GPU driver, specifically related to memory management in the DRM (Direct Rendering Manager) subsystem. The vulnerability was discovered in the AMD PowerPlay component, where a potential memory leak exists in the gpumetricstable allocation within the Renoir GPU support implementation (Kernel Git).

Technical details

The vulnerability stems from memory being allocated for gpumetricstable in the renoirinitsmctables() function but not being properly freed in smuv120finismctables(). This issue was introduced in commit 95868b85764a which added Renoir support for GPU metrics export (Kernel Git).

Impact

The memory leak could potentially lead to resource exhaustion over time in systems running affected versions of the Linux kernel with AMD Renoir GPUs. This may result in degraded system performance or stability issues (Ubuntu Security).

Mitigation and workarounds

The issue has been fixed by adding proper memory deallocation code in the smuv120finismctables() function. The fix involves adding 'kfree(smutable->gpumetricstable)' and setting the pointer to NULL. Users should update to patched kernel versions that include this fix (Kernel Git).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo