cve-2021-47098
Vulnerability from cvelistv5
Published
2024-03-04 18:10
Modified
2024-09-11 17:33
Severity
Summary
hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d105f30bea9104c590a9e5b495cb8a49bdfe405f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55840b9eae5367b5d5b29619dc2fb7e4596dba46"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:56:08.048392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:33.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/lm90.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d105f30bea91",
"status": "affected",
"version": "b50aa49638c7",
"versionType": "git"
},
{
"lessThan": "55840b9eae53",
"status": "affected",
"version": "b50aa49638c7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/lm90.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations\n\nCommit b50aa49638c7 (\"hwmon: (lm90) Prevent integer underflows of\ntemperature calculations\") addressed a number of underflow situations\nwhen writing temperature limits. However, it missed one situation, seen\nwhen an attempt is made to set the hysteresis value to MAX_LONG and the\ncritical temperature limit is negative.\n\nUse clamp_val() when setting the hysteresis temperature to ensure that\nthe provided value can never overflow or underflow."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:02:03.223Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d105f30bea9104c590a9e5b495cb8a49bdfe405f"
},
{
"url": "https://git.kernel.org/stable/c/55840b9eae5367b5d5b29619dc2fb7e4596dba46"
}
],
"title": "hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47098",
"datePublished": "2024-03-04T18:10:50.282Z",
"dateReserved": "2024-02-29T22:33:44.301Z",
"dateUpdated": "2024-09-11T17:33:33.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-47098\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-04T18:15:08.090\",\"lastModified\":\"2024-03-05T13:41:01.900\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nhwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations\\n\\nCommit b50aa49638c7 (\\\"hwmon: (lm90) Prevent integer underflows of\\ntemperature calculations\\\") addressed a number of underflow situations\\nwhen writing temperature limits. However, it missed one situation, seen\\nwhen an attempt is made to set the hysteresis value to MAX_LONG and the\\ncritical temperature limit is negative.\\n\\nUse clamp_val() when setting the hysteresis temperature to ensure that\\nthe provided value can never overflow or underflow.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (lm90) Previene el desbordamiento/desbordamiento insuficiente de enteros en los c\u00e1lculos de hist\u00e9resis del commit b50aa49638c7 (\\\"hwmon: (lm90) Evita el desbordamiento insuficiente de enteros en los c\u00e1lculos de temperatura\\\") abord\u00f3 una serie de situaciones de desbordamiento insuficiente al escribir. l\u00edmites de temperatura. Sin embargo, omiti\u00f3 una situaci\u00f3n, vista cuando se intenta establecer el valor de hist\u00e9resis en MAX_LONG y el l\u00edmite de temperatura cr\u00edtica es negativo. Utilice abrazadera_val() al configurar la temperatura de hist\u00e9resis para garantizar que el valor proporcionado nunca pueda desbordarse o subestimarse.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/55840b9eae5367b5d5b29619dc2fb7e4596dba46\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d105f30bea9104c590a9e5b495cb8a49bdfe405f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...