| The vulnerability CVE-2021-47327 occurs in the Linux kernel's ARM SMMU (System MMU) driver. Specifically, it affects the `arm_smmu_rpm_get` function, which is responsible for getting a runtime PM reference to an SMMU device. When this function fails, it increments the reference count of the "smmu" device using `pm_runtime_get_sync`, but the caller functions do not decrement the reference count when the function returns an error. This leads to a reference count leak. |
| |
| The issue arises because `arm_smmu_rpm_get` does not properly handle errors and fails to release the runtime PM reference in certain scenarios. To fix this, the kernel developers replaced the call to `pm_runtime_get_sync` with `pm_runtime_resume_and_get`, which ensures that the reference count is balanced even when the function fails. |
| |
| The vulnerability has been fixed in various kernel versions, including 5.4.134, 5.10.52, 5.12.19, 5.13.4, and 5.14. The affected file is `drivers/iommu/arm/arm-smmu/arm-smmu.c`. To mitigate this issue, users are recommended to update to the latest stable kernel version or apply the individual patches provided by the Linux kernel CVE team. |
| |
