PT-2024-11389 · Linux+6 · Linux Kernel+6

Published

2021-09-16

Updated

2024-09-30

CVE-2021-47393

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the hwmon feature in the Linux kernel, specifically with the mlxreg-fan driver. The vulnerability occurs when the fan current state is enforced from sysfs and the value of the 'state' argument is above the nominal fan speed maximum. This causes a slab-out-of-bounds error in the thermal cooling device stats update function, which is called when the kernel is configured with the CONFIG THERMAL STATISTICS option. The error is detected by the KASAN (Kernel Address Sanitizer) tool.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2024:7000

ALSA-2024:7001

BDU:2025-14331

CESA-2024_7000

CESA-2024_7001

CVE-2021-47393

INFSA-2024_7000

INFSA-2024_7001

OESA-2024-1677

OESA-2024-1678

OPENSUSE-SU-2024_2185-1

OPENSUSE-SU-2024_2189-1

RHSA-2023:2458

RHSA-2023_2458

RHSA-2024:10262

RHSA-2024:5065

RHSA-2024:6990

RHSA-2024:6991

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024_7000

RHSA-2024_7001

RLSA-2024:7001

SUSE-SU-2024:2008-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2183-1

SUSE-SU-2024:2185-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2024-11389 · Linux+6 · Linux Kernel+6

CVE-2021-47393

Weakness Enumeration

Related Identifiers

Affected Products

References · 1946