DEBIAN-CVE-2021-47497

Source
https://security-tracker.debian.org/tracker/CVE-2021-47497
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47497.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-47497
Upstream
Published
2024-05-22T09:15:11Z
Modified
2025-09-25T23:25:57.606308Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells If a cell has 'nbits' equal to a multiple of BITSPERBYTE the logic *p &= GENMASK((cell->nbits%BITSPERBYTE) - 1, 0); will become undefined behavior because nbits modulo BITSPERBYTE is 0, and we subtract one from that making a large number that is then shifted more than the number of bits that fit into an unsigned long. UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: eventsunbound deferredprobeworkfunc Call trace: dumpbacktrace+0x0/0x170 showstack+0x24/0x30 dumpstacklvl+0x64/0x7c dumpstack+0x18/0x38 ubsanepilogue+0x10/0x54 _ubsanhandleshiftoutofbounds+0x180/0x194 _nvmemcellread+0x1ec/0x21c nvmemcellread+0x58/0x94 nvmemcellreadvariablecommon+0x4c/0xb0 nvmemcellreadvariableleu32+0x40/0x100 a6xxgpuinit+0x170/0x2f4 adrenobind+0x174/0x284 componentbindall+0xf0/0x264 msmdrmbind+0x1d8/0x7a0 trytobringupmaster+0x164/0x1ac _componentadd+0xbc/0x13c componentadd+0x20/0x2c dpdisplayprobe+0x340/0x384 platformprobe+0xc0/0x100 reallyprobe+0x110/0x304 _driverprobedevice+0xb8/0x120 driverprobedevice+0x4c/0xfc _deviceattachdriver+0xb0/0x128 busforeachdrv+0x90/0xdc _deviceattach+0xc8/0x174 deviceinitialprobe+0x20/0x2c busprobedevice+0x40/0xa4 deferredprobeworkfunc+0x7c/0xb8 processonework+0x128/0x21c processscheduledworks+0x40/0x54 workerthread+0x1ec/0x2a8 kthread+0x138/0x158 retfrom_fork+0x10/0x20 Fix it by making sure there are any bits to mask out.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.84-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}