CVE-2021-47098

Summary

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations

Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer underflows of temperature calculations") addressed a number of underflow situations when writing temperature limits. However, it missed one situation, seen when an attempt is made to set the hysteresis value to MAX_LONG and the critical temperature limit is negative.

Use clamp_val() when setting the hysteresis temperature to ensure that the provided value can never overflow or underflow.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb50aa49638c7e12abf4ecc483f4e928c5cccc1b0 < d105f30bea9104c590a9e5b495cb8a49bdfe405faffected
LinuxLinuxb50aa49638c7e12abf4ecc483f4e928c5cccc1b0 < 55840b9eae5367b5d5b29619dc2fb7e4596dba46affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.12 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References