PT-2024-11436 · Linux+6 · Linux Kernel+6

Published 2021-10-14 · Updated 2024-09-30 · CVE-2021-47441

CVSS v3.1: 7.3 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.15.0-rc3-custom-45935-gce1adf704b14

Description

The Linux kernel has a vulnerability in the mlxsw thermal driver, which allows cooling states to be set above the maximum cooling state supported by the driver. This results in out-of-bounds memory accesses when thermal state transition statistics are enabled. The driver should reject such operations, and an error should be returned when the state to be set exceeds the maximum cooling state supported by the driver.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, update to a version that is newer than 5.15.0-rc3-custom-45935-gce1adf704b14. Additionally, consider disabling the thermal state transition statistics feature until the update can be applied.
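The bounds check the description calls for, shown on a simplified user-space model (an added example, not the mlxsw driver's or the kernel's own code). The names `MAX_STATE`, `cooling_stats`, `trans_index` and `set_cur_state`, the value 10 and the table layout are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_STATE 10                 /* constructed value: highest supported cooling state */
#define NUM_STATES (MAX_STATE + 1)

/* Simplified model of per-device transition statistics (hypothetical layout). */
struct cooling_stats {
    unsigned long cur_state;
    unsigned int trans_table[NUM_STATES * NUM_STATES];
};

/* Flat index the statistics code would touch for a cur -> next transition. */
static size_t trans_index(unsigned long cur, unsigned long next)
{
    return (size_t)cur * NUM_STATES + next;
}

/* Hardened setter: reject unsupported states before any table is indexed. */
static int set_cur_state(struct cooling_stats *st, unsigned long state)
{
    if (state > MAX_STATE)
        return -EINVAL;
    st->trans_table[trans_index(st->cur_state, state)]++;
    st->cur_state = state;
    return 0;
}

int main(void)
{
    struct cooling_stats st = {0};
    size_t table_len = sizeof(st.trans_table) / sizeof(st.trans_table[0]);

    printf("set 3  -> %d\n", set_cur_state(&st, 3));
    printf("set 11 -> %d\n", set_cur_state(&st, 11));
    /* Without the check, a 10 -> 11 transition would index past the table. */
    printf("index %zu vs table length %zu\n", trans_index(10, 11), table_len);
    return 0;
}
```

The rejected request leaves both the current state and the statistics table unchanged, which is the behavior the description says the driver should have.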

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2024:7000
ALSA-2024:7001
BDU:2025-07491
CESA-2024_7000
CESA-2024_7001
CVE-2021-47441
INFSA-2024_7000
INFSA-2024_7001
OPENSUSE-SU-2024_2185-1
OPENSUSE-SU-2024_2189-1
RHSA-2023:2458
RHSA-2023_2458
RHSA-2024:7000
RHSA-2024:7001
RHSA-2024_7000
RHSA-2024_7001
RLSA-2024:7001
SUSE-SU-2024:2008-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2183-1
SUSE-SU-2024:2185-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2892-1
SUSE-SU-2024:2901-1
SUSE-SU-2024:2940-1

Affected Products

Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Rocky Linux
Suse