vulnerability
Ubuntu: (CVE-2021-47384): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | May 21, 2024 | Nov 19, 2024 | Sep 1, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
If driver read tmp value sufficient for
(tmp & 0x08) && (!(tmp & 0x80)) && ((tmp & 0x7) == ((tmp >> 4) & 0x7))
from device then Null pointer dereference occurs.
(It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers)
Also lm75[] does not serve a purpose anymore after switching to
devm_i2c_new_dummy_device() in w83791d_detect_subclients().
The patch fixes possible NULL pointer dereference by removing lm75[].
Found by Linux Driver Verification project (linuxtesting.org).
[groeck: Dropped unnecessary continuation lines, fixed multi-line alignments]
Solutions
References
- CVE-2021-47384
- https://attackerkb.com/topics/CVE-2021-47384
- CWE-476
- URL-https://git.kernel.org/linus/dd4d747ef05addab887dc8ff0d6ab9860bbcd783
- URL-https://git.kernel.org/stable/c/6cb01fe630eaffc5a2c3f7364436caddba286623
- URL-https://git.kernel.org/stable/c/746011193f44f97f8784edcf8327c587946745fc
- URL-https://git.kernel.org/stable/c/7c4fd5de39f273626a2b0f3a446d2cc85cd47616
- URL-https://git.kernel.org/stable/c/dd4d747ef05addab887dc8ff0d6ab9860bbcd783
- URL-https://www.cve.org/CVERecord?id=CVE-2021-47384
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.