ghsa-qcmx-p4h8-4fhq
Vulnerability from github
Published
2024-03-04 18:30
Modified
2024-03-04 18:30
Details
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations
Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer underflows of temperature calculations") addressed a number of underflow situations when writing temperature limits. However, it missed one situation, seen when an attempt is made to set the hysteresis value to MAX_LONG and the critical temperature limit is negative.
Use clamp_val() when setting the hysteresis temperature to ensure that the provided value can never overflow or underflow.
{
"affected": [],
"aliases": [
"CVE-2021-47098"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-04T18:15:08Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations\n\nCommit b50aa49638c7 (\"hwmon: (lm90) Prevent integer underflows of\ntemperature calculations\") addressed a number of underflow situations\nwhen writing temperature limits. However, it missed one situation, seen\nwhen an attempt is made to set the hysteresis value to MAX_LONG and the\ncritical temperature limit is negative.\n\nUse clamp_val() when setting the hysteresis temperature to ensure that\nthe provided value can never overflow or underflow.",
"id": "GHSA-qcmx-p4h8-4fhq",
"modified": "2024-03-04T18:30:39Z",
"published": "2024-03-04T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47098"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/55840b9eae5367b5d5b29619dc2fb7e4596dba46"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d105f30bea9104c590a9e5b495cb8a49bdfe405f"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading...