CVE-2021-47286

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns the Linux kernel, where the MHI (Mobile Host Interface) core does not properly validate channel IDs when processing command completions. This could lead to out-of-bounds accesses, as the channel ID read from the event ring element sent by the device can be any value between 0 and 255. To prevent this, a check has been added against the maximum number of channels supported by the controller and those channels not configured yet, so as to skip processing of that event ring element.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.