CVE-2021-47098
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations
Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer underflows of temperature calculations") addressed a number of underflow situations when writing temperature limits. However, it missed one situation, seen when an attempt is made to set the hysteresis value to MAX_LONG and the critical temperature limit is negative.
Use clamp_val() when setting the hysteresis temperature to ensure that the provided value can never overflow or underflow.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b50aa49638c7e12abf4ecc483f4e928c5cccc1b0 < d105f30bea9104c590a9e5b495cb8a49bdfe405f | affected |
| Linux | Linux | b50aa49638c7e12abf4ecc483f4e928c5cccc1b0 < 55840b9eae5367b5d5b29619dc2fb7e4596dba46 | affected |
| Linux | Linux | 5.14 | affected |
| Linux | Linux | 0 < 5.14 | unaffected |
| Linux | Linux | 5.15.12 <= 5.15.* | unaffected |
| Linux | Linux | 5.16 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/d105f30bea9104c590a9e5b495cb8a49bdfe405f
- https://git.kernel.org/stable/c/55840b9eae5367b5d5b29619dc2fb7e4596dba46
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/d105f30bea9104c590a9e5b495cb8a49bdfe405f
- https://git.kernel.org/stable/c/55840b9eae5367b5d5b29619dc2fb7e4596dba46
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.