CVE-2021-47385
Description
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field

If driver read val value sufficient for
(val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7))
from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients().

The patch fixes possible NULL pointer dereference by removing lm75[].

Found by Linux Driver Verification project (linuxtesting.org).

[groeck: Dropped unnecessary continuation lines, fixed multiline alignment]
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | | affected | |
| rocky | 9 | fixed | |
| debian | bookworm | fixed | 5.14.12-1 |
| debian | bullseye | fixed | 5.10.84-1 |
| debian | forky | fixed | 5.14.12-1 |
| debian | sid | fixed | 5.14.12-1 |
| debian | trixie | fixed | 5.14.12-1 |
| almalinux | 9 | fixed | kernel-debug-devel-matched-5.14.0-427.40.1.el9_4.aarch64.rpm |
References
- https://access.redhat.com/errata/RHSA-2024:8162
- https://errata.rockylinux.org/RLSA-2024:7000
- https://errata.rockylinux.org/RLSA-2024:7001
- https://www.suse.com/security/cve/CVE-2021-47385.html
- https://security-tracker.debian.org/tracker/CVE-2021-47385
- https://errata.rockylinux.org/RLSA-2024:8162
- https://bugzilla.redhat.com/2270700
- https://bugzilla.redhat.com/2281127
- https://bugzilla.redhat.com/2281149
- https://bugzilla.redhat.com/2281847
- https://bugzilla.redhat.com/2282355
- https://bugzilla.redhat.com/2284571
- https://bugzilla.redhat.com/2293078
- https://bugzilla.redhat.com/2293443
- https://bugzilla.redhat.com/2295921
- https://bugzilla.redhat.com/2297474
- https://bugzilla.redhat.com/2297543
- https://bugzilla.redhat.com/2300517
- https://errata.almalinux.org/9/ALSA-2024-8162.html
- https://access.redhat.com/errata/RHSA-2024:7000
- https://bugzilla.redhat.com/2258012
- https://bugzilla.redhat.com/2258013
- https://bugzilla.redhat.com/2260038
- https://bugzilla.redhat.com/2265799
- https://bugzilla.redhat.com/2265838