LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47063: drm: bridge/panel: Cleanup connector on bridge detach

In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: Cleanup connector on bridge detach If we don't call drm_connector_cleanup() manually in panel_bridge_detach(), the connector will be cleaned up with the other DRM objects in the call to drm_mode_config_cleanup(). However, since our drm_connector is devm-allocated, by the time drm_mode_config_cleanup() will be called, our connector will be long gone. Therefore, the connector must be cleaned up when the bridge is detached to avoid use-after-free conditions. v2: Cleanup connector only if it was created v3: Add FIXME v4: (Use connector->dev) directly in if() block

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

A Linux kernel graphics display bridge/panel cleanup bug can leave stale connector state during detach, creating use-after-free risk. The sources do not provide CVSS, exploitability, or a named attacker path. Treat it as a kernel stability and potential privilege-boundary issue where affected display bridge/panel code is present.

Executive priority

Handle through normal kernel patch governance unless your fleet includes exposed embedded, kiosk, display-appliance, or custom hardware systems. There is no cited evidence of active exploitation, but kernel use-after-free bugs deserve timely remediation once vendor-fixed packages are available.

Technical view

panel_bridge_detach() did not manually call drm_connector_cleanup() before a devm-allocated drm_connector could disappear. Later drm_mode_config_cleanup() could encounter freed connector state, creating use-after-free conditions. The referenced stable commits add connector cleanup when a connector was created.

Likely exposure

Exposure is likely limited to Linux systems running affected kernel builds with relevant DRM bridge/panel paths. The CVE data lists Linux kernel versions including 4.13, 5.10.37, 5.11.21, 5.12.4, and 5.13, but downstream distribution backports must be checked.

Exploitation context

The provided sources do not show active exploitation, public exploit code, KEV listing, CVSS, or a practical attacker workflow. The issue is described as a use-after-free condition in kernel graphics cleanup behavior, so impact depends on reachability of bridge detach operations in a given system.

Researcher notes

The record is sparse: no CWE, CVSS, exploit status, or detailed affected driver matrix is provided. Analysis should focus on commit presence, distro backports, and whether panel_bridge_detach() can be reached on deployed hardware. Avoid assuming remote exploitability from the available evidence.

Mitigation direction

  • Check vendor kernel advisories for CVE-2021-47063 coverage and backported fixes.
  • Update to a kernel containing the referenced stable cleanup commits.
  • Prioritize systems with custom display hardware, embedded panels, or DRM bridge usage.
  • If patching is delayed, reduce exposure of affected hardware paths where operationally feasible.

Validation and detection

  • Inventory kernel versions and distribution patch levels on Linux systems.
  • Confirm whether the referenced stable commits are present or backported.
  • Review hardware profiles for DRM bridge or panel driver usage.
  • Monitor vendor advisories for corrected affected-version ranges and severity scoring.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47063 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
5Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux13dfc0540a575b47b2d640b093ac16e9e09474f6, 13dfc0540a575b47b2d640b093ac16e9e09474f6, 13dfc0540a575b47b2d640b093ac16e9e09474f6, 13dfc0540a575b47b2d640b093ac16e9e09474f6unaffected
LinuxLinux4.13, 0, 5.10.37, 5.11.21, 5.12.4, 5.13affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.