CVE-2021-47647

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.15.10

Description A vulnerability in the Linux kernel has been resolved, which was caused by a missing clock parent. The issue occurred when the pcie0 rchng clk src had num parents set to 2 but only one parent was actually set via parent hws. This caused the kernel to panic on a NULL pointer in clk core get parent by index(). The vulnerability resulted in a kernel oops, which could lead to a system crash.

Recommendations To fix this issue, utilize clk parent data to provide gcc xo gpll0 parent data. Convert existing users of parent names to clk parent data as well. As a temporary workaround, consider disabling the clk core get parent by index() function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation.

Note: The provided information does not include details about the number of potentially affected devices or real-world incidents.