CVE-2021-47497 — nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

EPSS 0.02% · P6

Affected Version Matrix 18

Vendor | Product | Version Range | Status
Linux | Linux | 69aba7948cbe53f2f1827e84e9dd0ae470a5072e < abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97 | affected
Linux | Linux | 69aba7948cbe53f2f1827e84e9dd0ae470a5072e < 60df06bbdf497e37ed25ad40572c362e5b0998df | affected
Linux | Linux | 69aba7948cbe53f2f1827e84e9dd0ae470a5072e < 2df6c023050205c4d04ffc121bc549f65cb8d1df | affected
Linux | Linux | 69aba7948cbe53f2f1827e84e9dd0ae470a5072e < eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca | affected
Linux | Linux | 69aba7948cbe53f2f1827e84e9dd0ae470a5072e < 0594f1d048d8dc338eb9a240021b1d00ae1eb082 | affected
Linux | Linux | 69aba7948cbe53f2f1827e84e9dd0ae470a5072e < 57e48886401b14cd351423fabfec2cfd18df4f66 | affected
Linux | Linux | 69aba7948cbe53f2f1827e84e9dd0ae470a5072e < 0e822e5413da1af28cca350cb1cb42b6133bdcae | affected
Linux | Linux | 69aba7948cbe53f2f1827e84e9dd0ae470a5072e < 5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 | affected
… +10 more rows

I. Basic Information for CVE-2021-47497

Vulnerability Information


Vulnerability Title
nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic

    *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);

will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we subtract one from that making a large number that is then shifted more than the number of bits that fit into an unsigned long.

UBSAN reports this problem:

    UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8
    shift exponent 64 is too large for 64-bit type 'unsigned long'
    CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9
    Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
    Workqueue: events_unbound deferred_probe_work_func
    Call trace:
     dump_backtrace+0x0/0x170
     show_stack+0x24/0x30
     dump_stack_lvl+0x64/0x7c
     dump_stack+0x18/0x38
     ubsan_epilogue+0x10/0x54
     __ubsan_handle_shift_out_of_bounds+0x180/0x194
     __nvmem_cell_read+0x1ec/0x21c
     nvmem_cell_read+0x58/0x94
     nvmem_cell_read_variable_common+0x4c/0xb0
     nvmem_cell_read_variable_le_u32+0x40/0x100
     a6xx_gpu_init+0x170/0x2f4
     adreno_bind+0x174/0x284
     component_bind_all+0xf0/0x264
     msm_drm_bind+0x1d8/0x7a0
     try_to_bring_up_master+0x164/0x1ac
     __component_add+0xbc/0x13c
     component_add+0x20/0x2c
     dp_display_probe+0x340/0x384
     platform_probe+0xc0/0x100
     really_probe+0x110/0x304
     __driver_probe_device+0xb8/0x120
     driver_probe_device+0x4c/0xfc
     __device_attach_driver+0xb0/0x128
     bus_for_each_drv+0x90/0xdc
     __device_attach+0xc8/0x174
     device_initial_probe+0x20/0x2c
     bus_probe_device+0x40/0xa4
     deferred_probe_work_func+0x7c/0xb8
     process_one_work+0x128/0x21c
     process_scheduled_works+0x40/0x54
     worker_thread+0x1ec/0x2a8
     kthread+0x138/0x158
     ret_from_fork+0x10/0x20

Fix it by making sure there are any bits to mask out.
Source: NVD (National Vulnerability Database)
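
The undefined shift described above, modelled in userspace C as an added example (not kernel code and not part of the NVD record). The GENMASK arithmetic is re-typed here as an assumption about the kernel macro, and the helper names genmask_shift_exponent, unguarded_is_defined and mask_last_byte are hypothetical; the bad exponent is computed rather than executed, so the program itself stays well defined.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_BYTE 8
#define BITS_PER_LONG ((int)(sizeof(unsigned long) * CHAR_BIT))
/* Userspace copy of the GENMASK(h, l) arithmetic (assumed, not taken from the page). */
#define GENMASK(h, l) \
	(((~0UL) - (1UL << (l)) + 1) & (~0UL >> (BITS_PER_LONG - 1 - (h))))

/* Shift exponent that GENMASK((nbits % 8) - 1, 0) would use.
 * Only computed, never applied, so no undefined behaviour happens here. */
static int genmask_shift_exponent(int nbits)
{
	int h = (nbits % BITS_PER_BYTE) - 1;  /* -1 when nbits is a multiple of 8 */
	return BITS_PER_LONG - 1 - h;         /* equals BITS_PER_LONG when h == -1 */
}

/* A shift of an unsigned long is defined only for 0 <= exponent < width. */
static int unguarded_is_defined(int nbits)
{
	int e = genmask_shift_exponent(nbits);
	return e >= 0 && e < BITS_PER_LONG;
}

/* Guarded form: mask only when there are leftover bits in the last byte. */
static uint8_t mask_last_byte(uint8_t last, int nbits)
{
	int rem = nbits % BITS_PER_BYTE;
	if (rem)
		last &= (uint8_t)GENMASK(rem - 1, 0);
	return last;
}

int main(void)
{
	int sizes[] = { 4, 8, 12, 16, 32 };  /* constructed sample cell widths */
	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
		printf("nbits=%2d exponent=%2d defined=%d masked=0x%02x\n",
		       sizes[i], genmask_shift_exponent(sizes[i]),
		       unguarded_is_defined(sizes[i]),
		       mask_last_byte(0xff, sizes[i]));
	return 0;
}
```

On a 64-bit build the byte-aligned widths report exponent 64, the value in the UBSAN message, while the guarded helper leaves the last byte untouched for those cells.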
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
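The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel contains a security vulnerability. No information about this vulnerability is currently available; please watch for CNNVD or vendor announcements.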
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
Linux | Linux | 69aba7948cbe53f2f1827e84e9dd0ae470a5072e ~ abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97 | -
Linux | Linux | 4.3 | -

II. Public POCs for CVE-2021-47497


No public POC found.


III. Intelligence Information for CVE-2021-47497


Same Patch Batch · Linux · 2024-05-22 · 63 CVEs total

CVE-2021-47476 comedi: ni_usb6501: fix NULL-deref in command paths
CVE-2021-47492 mm, thp: bail out early in collapse_file for writeback page
CVE-2021-47496 net/tls: Fix flipped sign in tls_err_abort() calls
CVE-2021-47494 cfg80211: fix management registrations locking
CVE-2021-47493 ocfs2: fix race between searching chunks and release journal_head from buffer_head
CVE-2021-47482 net: batman-adv: fix error handling
CVE-2021-47480 scsi: core: Put LLD module refcnt after SCSI device is released
CVE-2021-47478 isofs: Fix out of bound access for corrupted isofs image
CVE-2021-47479 staging: rtl8712: fix use-after-free in rtl8712_dl_fw
CVE-2021-47477 comedi: dt9812: fix DMA buffers on stack
CVE-2021-47481 RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR
CVE-2021-47475 comedi: vmk80xx: fix transfer-buffer overflows
CVE-2021-47474 comedi: vmk80xx: fix bulk-buffer overflow
CVE-2021-47473 scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()
CVE-2021-47471 drm: mxsfb: Fix NULL pointer dereference crash on unload
CVE-2021-47470 mm, slub: fix potential use-after-free in slab_debugfs_fops
CVE-2021-47468 isdn: mISDN: Fix sleeping function called from invalid context
CVE-2021-47467 kunit: fix reference count leak in kfree_at_end
CVE-2021-47466 mm, slub: fix potential memoryleak in kmem_cache_open()
CVE-2021-47465 KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()

Showing top 20 of 63 CVEs.
