CVE-2021-47063: drm: bridge/panel: Cleanup connector on bridge detach
In the Linux kernel, the following vulnerability has been resolved:
drm: bridge/panel: Cleanup connector on bridge detach
If we don't call drm_connector_cleanup() manually in
panel_bridge_detach(), the connector will be cleaned up with the other
DRM objects in the call to drm_mode_config_cleanup(). However, since our
drm_connector is devm-allocated, by the time drm_mode_config_cleanup()
will be called, our connector will be long gone. Therefore, the
connector must be cleaned up when the bridge is detached to avoid
use-after-free conditions.
v2: Cleanup connector only if it was created
v3: Add FIXME
v4: (Use connector->dev) directly in if() block
Security readout for executives and security teams
Plain-English summary
A Linux kernel graphics display bridge/panel cleanup bug can leave stale connector state during detach, creating use-after-free risk. The sources do not provide CVSS, exploitability, or a named attacker path. Treat it as a kernel stability and potential privilege-boundary issue where affected display bridge/panel code is present.
Executive priority
Handle through normal kernel patch governance unless your fleet includes exposed embedded, kiosk, display-appliance, or custom hardware systems. There is no cited evidence of active exploitation, but kernel use-after-free bugs deserve timely remediation once vendor-fixed packages are available.
Technical view
panel_bridge_detach() did not manually call drm_connector_cleanup() before a devm-allocated drm_connector could disappear. Later drm_mode_config_cleanup() could encounter freed connector state, creating use-after-free conditions. The referenced stable commits add connector cleanup when a connector was created.
Likely exposure
Exposure is likely limited to Linux systems running affected kernel builds with relevant DRM bridge/panel paths. The CVE data lists Linux kernel versions including 4.13, 5.10.37, 5.11.21, 5.12.4, and 5.13, but downstream distribution backports must be checked.
Exploitation context
The provided sources do not show active exploitation, public exploit code, KEV listing, CVSS, or a practical attacker workflow. The issue is described as a use-after-free condition in kernel graphics cleanup behavior, so impact depends on reachability of bridge detach operations in a given system.
Researcher notes
The record is sparse: no CWE, CVSS, exploit status, or detailed affected driver matrix is provided. Analysis should focus on commit presence, distro backports, and whether panel_bridge_detach() can be reached on deployed hardware. Avoid assuming remote exploitability from the available evidence.
Mitigation direction
Check vendor kernel advisories for CVE-2021-47063 coverage and backported fixes.
Update to a kernel containing the referenced stable cleanup commits.
Prioritize systems with custom display hardware, embedded panels, or DRM bridge usage.
If patching is delayed, reduce exposure of affected hardware paths where operationally feasible.
Validation and detection
Inventory kernel versions and distribution patch levels on Linux systems.
Confirm whether the referenced stable commits are present or backported.
Review hardware profiles for DRM bridge or panel driver usage.
Monitor vendor advisories for corrected affected-version ranges and severity scoring.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47063 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.