Vulnerability Details : CVE-2021-47172
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
Channel numbering must start at 0 and then not have any holes, or
it is possible to overflow the available storage. Note this bug was
introduced as part of a fix to ensure we didn't rely on the ordering
of child nodes. So we need to support arbitrary ordering but they all
need to be there somewhere.
Note I hit this when using qemu to test the rest of this series.
Arguably this isn't the best fix, but it is probably the most minimal
option for backporting etc.
Alexandru's sign-off is here because he carried this patch in a larger
set that Jonathan then applied.
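
The failure mode described in the commit message, shown as an added illustration; this is not the ad7124 driver code or the upstream patch. The struct names, `parse_channels` and `MAX_CHANNELS` are hypothetical, and the duplicate-slot check goes beyond what the commit message states.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_CHANNELS 16   /* assumed storage cap for this model */

/* Hypothetical model: one entry per firmware child node. 'reg' is the
 * channel number the node declares; it becomes the index into storage. */
struct child_node { unsigned int reg, ain_pos, ain_neg; };
struct chan_cfg   { unsigned int ain_pos, ain_neg; };

/* Fill out[0..n-1] from n child nodes given in any order.
 * Returns 0 on success, -EINVAL if a channel number would index past the
 * n allocated slots (numbering has a hole or does not start at 0) or if
 * two nodes claim the same slot. */
int parse_channels(const struct child_node *nodes, size_t n,
                   struct chan_cfg *out)
{
    unsigned char seen[MAX_CHANNELS] = { 0 };

    if (n > MAX_CHANNELS)
        return -EINVAL;
    for (size_t i = 0; i < n; i++) {
        unsigned int ch = nodes[i].reg;

        if (ch >= n)        /* without this check, out[ch] overflows */
            return -EINVAL;
        if (seen[ch])       /* extra check: duplicate leaves a slot unset */
            return -EINVAL;
        seen[ch] = 1;
        out[ch].ain_pos = nodes[i].ain_pos;
        out[ch].ain_neg = nodes[i].ain_neg;
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: same three nodes, shuffled vs. with a hole. */
    struct child_node shuffled[] = { {2, 4, 5}, {0, 0, 1}, {1, 2, 3} };
    struct child_node hole[]     = { {0, 0, 1}, {1, 2, 3}, {3, 4, 5} };
    struct chan_cfg out[3];

    printf("shuffled: %d\n", parse_channels(shuffled, 3, out));
    printf("hole:     %d\n", parse_channels(hole, 3, out));
    return 0;
}
```

With n nodes, rejecting any index >= n and any repeated index leaves exactly the channels 0..n-1, in whatever order the nodes appear.
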
Exploit prediction scoring system (EPSS) score for CVE-2021-47172
EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~13% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-47172
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-11-06 |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | N/A | N/A | RedHat-CVE-2021-47172 | 2024-03-25 |
CWE ids for CVE-2021-47172
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2021-47172
- https://git.kernel.org/stable/c/f2a772c51206b0c3f262e4f6a3812c89a650191b
  iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers - kernel/git/stable/linux.git - Linux kernel stable tree
- https://git.kernel.org/stable/c/f70122825076117787b91e7f219e21c09f11a5b9
  iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers - kernel/git/stable/linux.git - Linux kernel stable tree
- https://git.kernel.org/stable/c/26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc
  iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers - kernel/git/stable/linux.git - Linux kernel stable tree
- https://git.kernel.org/stable/c/f49149964d2423fb618fb6b755bb1eaa431cca2c
  iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers - kernel/git/stable/linux.git - Linux kernel stable tree