Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound accesses, add a check against the maximum number of channels supported by the controller and those channels not configured yet so as to skip processing of that event ring element.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.7, < 5.10.54 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/3efec3b4b16fc7af25676a94230a8ab2a3bb867cPatch
- https://git.kernel.org/stable/c/546362a9ef2ef40b57c6605f14e88ced507f8dd0Patch
- https://git.kernel.org/stable/c/aed4f5b51aba41e2afd7cfda20a0571a6a67dfe9Patch
- https://git.kernel.org/stable/c/3efec3b4b16fc7af25676a94230a8ab2a3bb867cPatch
- https://git.kernel.org/stable/c/546362a9ef2ef40b57c6605f14e88ced507f8dd0Patch
- https://git.kernel.org/stable/c/aed4f5b51aba41e2afd7cfda20a0571a6a67dfe9Patch
FAQ
What is CVE-2021-47286?
CVE-2021-47286 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent ...
How severe is CVE-2021-47286?
CVE-2021-47286 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47286?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.