CVE-2021-47098 : In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm9

In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer underflows of temperature calculations") addressed a number of underflow situations when writing temperature limits. However, it missed one situation, seen when an attempt is made to set the hysteresis value to MAX_LONG and the critical temperature limit is negative. Use clamp_val() when setting the hysteresis temperature to ensure that the provided value can never overflow or underflow.

Published 2024-03-04 18:15:08

Updated 2025-02-03 13:49:31

Source Linux

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2021-47098

Linux » Linux Kernel
Versions from including (>=) 5.14 and before (<) 5.15.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.16 Update RC1
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.16 Update RC2
cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.16 Update RC3
cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.16 Update RC4
cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.16 Update RC5
cpe:2.3:o:linux:linux_kernel:5.16:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.16 Update RC6
cpe:2.3:o:linux:linux_kernel:5.16:rc6:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47098

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 13 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47098

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2025-02-03
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-47098

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-47098

https://git.kernel.org/stable/c/d105f30bea9104c590a9e5b495cb8a49bdfe405f

hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/55840b9eae5367b5d5b29619dc2fb7e4596dba46

hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47098

Products affected by CVE-2021-47098

Exploit prediction scoring system (EPSS) score for CVE-2021-47098

CVSS scores for CVE-2021-47098

CWE ids for CVE-2021-47098

References for CVE-2021-47098