CVE-2021-47384

May 21, 2024, 4:54 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field If driver read tmp value sufficient for (tmp & 0x08) && (!(tmp & 0x80)) && ((tmp & 0x7) == ((tmp >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients(). The patch fixes possible NULL pointer dereference by removing lm75[]. Found by Linux Driver Verification project (linuxtesting.org). [groeck: Dropped unnecessary continuation lines, fixed multi-line alignments]

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/6cb01fe630eaffc5a2c3f7364436caddba286623
https://git.kernel.org/stable/c/746011193f44f97f8784edcf8327c587946745fc
https://git.kernel.org/stable/c/7c4fd5de39f273626a2b0f3a446d2cc85cd47616
https://git.kernel.org/stable/c/dd4d747ef05addab887dc8ff0d6ab9860bbcd783

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-21
CVE-2021-47384

Timeline

Published: May 21, 2024, 3:15 p.m.
Last Modified: May 21, 2024, 4:54 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.