ghsa-qcmx-p4h8-4fhq
Vulnerability from github
Published
2024-03-04 18:30
Modified
2024-03-04 18:30
Details
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations
Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer underflows of temperature calculations") addressed a number of underflow situations when writing temperature limits. However, it missed one situation, seen when an attempt is made to set the hysteresis value to MAX_LONG and the critical temperature limit is negative.
Use clamp_val() when setting the hysteresis temperature to ensure that the provided value can never overflow or underflow.
{ "affected": [], "aliases": [ "CVE-2021-47098" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-03-04T18:15:08Z", "severity": null }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations\n\nCommit b50aa49638c7 (\"hwmon: (lm90) Prevent integer underflows of\ntemperature calculations\") addressed a number of underflow situations\nwhen writing temperature limits. However, it missed one situation, seen\nwhen an attempt is made to set the hysteresis value to MAX_LONG and the\ncritical temperature limit is negative.\n\nUse clamp_val() when setting the hysteresis temperature to ensure that\nthe provided value can never overflow or underflow.", "id": "GHSA-qcmx-p4h8-4fhq", "modified": "2024-03-04T18:30:39Z", "published": "2024-03-04T18:30:39Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47098" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/55840b9eae5367b5d5b29619dc2fb7e4596dba46" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/d105f30bea9104c590a9e5b495cb8a49bdfe405f" } ], "schema_version": "1.4.0", "severity": [] }
Loading...