CVE-2021-47202

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47202
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47202.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47202
Related
Published
2024-04-10T19:15:48Z
Modified
2024-09-11T04:51:15.742620Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

thermal: Fix NULL pointer dereferences in ofthermal functions

ofparsethermalzones() parses the thermal-zones node and registers a thermalzone device for each subnode. However, if a thermal zone is consuming a thermal sensor and that thermal sensor device hasn't probed yet, an attempt to set trippoint*_temp for that thermal zone device can cause a NULL pointer dereference. Fix it.

console:/sys/class/thermal/thermalzone87 # echo 120000 > trippoint0temp ... Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ... Call trace: ofthermalsettriptemp+0x40/0xc4 trippointtempstore+0xc0/0x1dc devattrstore+0x38/0x88 sysfskfwrite+0x64/0xc0 kernfsfopwriteiter+0x108/0x1d0 vfswrite+0x2f4/0x368 ksyswrite+0x7c/0xec _arm64syswrite+0x20/0x30 el0svccommon.llvm.7279915941325364641+0xbc/0x1bc doel0svc+0x28/0xa0 el0svc+0x14/0x24 el0synchandler+0x88/0xec el0_sync+0x1c0/0x200

While at it, fix the possible NULL pointer dereference in other functions as well: ofthermalgettemp(), ofthermalsetemultemp(), ofthermalgettrend().

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.84-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}