Vulnerability Details : CVE-2021-47286
In the Linux kernel, the following vulnerability has been resolved:
bus: mhi: core: Validate channel ID when processing command completions
MHI reads the channel ID from the event ring element sent by the
device which can be any value between 0 and 255. In order to
prevent any out of bound accesses, add a check against the maximum
number of channels supported by the controller and those channels
not configured yet so as to skip processing of that event ring
element.
Products affected by CVE-2021-47286
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-47286
- EPSS score: 0.03% (probability of exploitation activity in the next 30 days)
- Percentile: ~7% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-47286
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | 2025-04-30 |
CWE ids for CVE-2021-47286
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-47286
- https://git.kernel.org/stable/c/546362a9ef2ef40b57c6605f14e88ced507f8dd0
  bus: mhi: core: Validate channel ID when processing command completions - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/3efec3b4b16fc7af25676a94230a8ab2a3bb867c
  bus: mhi: core: Validate channel ID when processing command completions - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/aed4f5b51aba41e2afd7cfda20a0571a6a67dfe9
  bus: mhi: core: Validate channel ID when processing command completions - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)