PT-2024-11382 · Linux+6 · Linux Kernel+6

Nadezda Lutovinova

Published

2021-10-02

Updated

2025-01-21

CVE-2021-47386

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference issue has been resolved in the Linux kernel. The issue occurs when the driver reads a value from a device that meets certain conditions: (val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7)). This can happen if the value tmp equals 0b0xyz1xyz, where the same literals represent the same numbers. The patch fixes the issue by removing an unnecessary structure field lm75[], which no longer serves a purpose after switching to devm i2c new dummy device() in w83791d detect subclients(). The issue was found by the Linux Driver Verification project.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2024:7000

ALSA-2024:7001

BDU:2025-07462

CESA-2024_7000

CESA-2024_7001

CVE-2021-47386

INFSA-2024_7000

INFSA-2024_7001

INFSA-2024_9315

OPENSUSE-SU-2024_2189-1

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024:9315

RHSA-2024_7000

RHSA-2024_7001

RHSA-2024_9315

RHSA-2025:4509

RLSA-2024:7001

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2024-11382 · Linux+6 · Linux Kernel+6

CVE-2021-47386

Weakness Enumeration

Related Identifiers

Affected Products

References · 1676