LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47659: drm/plane: Move range check for format_count earlier

In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for format_count earlier While the check for format_count > 64 in __drm_universal_plane_init() shouldn't be hit (it's a WARN_ON), in its current position it will then leak the plane->format_types array and fail to call drm_mode_object_unregister() leaking the modeset identifier. Move it to the start of the function to avoid allocating those resources in the first place.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

CVE-2021-47659 is a Linux kernel DRM graphics subsystem resource leak. A sanity check ran too late, so an unexpected plane format count could leak allocated memory and a modeset identifier during initialization. Public sources do not show active exploitation, CVSS, or broad user-triggerable impact.

Executive priority

Treat as routine kernel hygiene unless you run custom graphics drivers or high-density Linux desktop/GPU infrastructure. Patch through normal maintenance windows, and rely on distribution guidance for exact applicability.

Technical view

In __drm_universal_plane_init(), the format_count > 64 WARN_ON check occurred after allocating plane->format_types and registering a mode object. If hit, cleanup was incomplete. The fix moves the range check earlier to avoid allocating resources before rejecting the invalid condition.

Likely exposure

Exposure is mainly Linux systems with affected kernel versions and DRM/KMS graphics drivers. The described condition should not normally occur, according to the kernel commit text. Risk is higher for systems using unusual, custom, or out-of-tree graphics driver paths.

Exploitation context

No KEV listing or cited source indicates active exploitation. The source describes a defensive cleanup bug around an unexpected initialization condition, not a documented remote attack path. Practical exploitation evidence is incomplete from the provided sources.

Researcher notes

The issue is a resource leak on an error path in DRM plane initialization. The commit says the condition should not be hit. Sources lack CVSS, CWE, exploitability analysis, or user-space trigger details, so impact should be assessed conservatively.

Mitigation direction

  • Update to a Linux kernel or distribution package containing the referenced stable fixes.
  • Check your Linux distribution’s advisory for the exact fixed package version.
  • Prioritize systems with graphics stacks, DRM/KMS usage, or custom kernel drivers.
  • Avoid assuming upstream commit hashes directly map to vendor package versions.

Validation and detection

  • Inventory Linux kernel versions across affected hosts.
  • Confirm vendor kernel packages include the relevant DRM plane fix.
  • Review kernel changelogs for the referenced stable commit IDs.
  • Check for custom or out-of-tree DRM drivers in sensitive environments.
Prepared
Confidence
medium
Sources
9

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47659 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
8Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxe6fc3b68558e4c6d8d160b5daf2511b99afa8814, e6fc3b68558e4c6d8d160b5daf2511b99afa8814, e6fc3b68558e4c6d8d160b5daf2511b99afa8814, e6fc3b68558e4c6d8d160b5daf2511b99afa8814, e6fc3b68558e4c6d8d160b5daf2511b99afa8814, e6fc3b68558e4c6d8d160b5daf2511b99afa8814, e6fc3b68558e4c6d8d160b5daf2511b99afa8814unaffected
LinuxLinux4.14, 0, 4.19.247, 5.4.198, 5.10.121, 5.15.46, 5.17.14, 5.18.3, 5.19affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.