CVE-2021-47098
HIGH
Linux Kernel 5.14 - Integer Overflow in LM90 Hysteresis Calculation
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations

Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer underflows of temperature calculations") addressed a number of underflow situations when writing temperature limits. However, it missed one situation, seen when an attempt is made to set the hysteresis value to MAX_LONG and the critical temperature limit is negative.

Use clamp_val() when setting the hysteresis temperature to ensure that the provided value can never overflow or underflow.
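The arithmetic behind the description, as a user-space C sketch added here for illustration (it is not the kernel's lm90 code). It assumes the hysteresis is derived as the critical limit minus the written value, in millidegrees Celsius; the function names and clamp bounds are assumptions. Signed overflow is detected with the GCC/Clang builtin __builtin_sub_overflow rather than executed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed clamp bounds in millidegrees C; illustrative, not from the page. */
#define HYST_MIN_MC (-128000L)
#define HYST_MAX_MC (255000L)

/* User-space stand-in for the kernel's clamp_val() macro. */
static long clamp_long(long v, long lo, long hi)
{
    return v < lo ? lo : (v > hi ? hi : v);
}

/* Unclamped shape: the written value goes straight into the subtraction.
 * Returns false when crit_mc - val_mc does not fit in a long. */
static bool hyst_unclamped(long crit_mc, long val_mc, long *out)
{
    return !__builtin_sub_overflow(crit_mc, val_mc, out);
}

/* Clamped shape: bound the written value first, so the subtraction
 * stays far inside the range of long for any realistic limit. */
static bool hyst_clamped(long crit_mc, long val_mc, long *out)
{
    val_mc = clamp_long(val_mc, HYST_MIN_MC, HYST_MAX_MC);
    return !__builtin_sub_overflow(crit_mc, val_mc, out);
}

int main(void)
{
    long crit = -1000L;   /* constructed input: negative critical limit */
    long val = LONG_MAX;  /* constructed input: value written as hysteresis */
    long r = 0;

    if (hyst_unclamped(crit, val, &r))
        printf("unclamped: %ld\n", r);
    else
        printf("unclamped: signed overflow\n");

    if (hyst_clamped(crit, val, &r))
        printf("clamped:   %ld\n", r);
    return 0;
}
```

The same check is useful in review of any sysfs store handler: a value parsed as long must be bounded before it enters arithmetic with another signed quantity.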
Scores
CVSS v3: 7.8
EPSS: 0.0022
EPSS Percentile: 12.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial

Details
CWE: CWE-190
Status: published

Products (8)
Linux/Linux: < 5.14
Linux/Linux: 5.14
Linux/Linux: 5.15.12 - 5.15.*
Linux/Linux: 5.16
Linux/Linux: b50aa49638c7e12abf4ecc483f4e928c5cccc1b0 - 55840b9eae5367b5d5b29619dc2fb7e4596dba46
Linux/Linux: b50aa49638c7e12abf4ecc483f4e928c5cccc1b0 - d105f30bea9104c590a9e5b495cb8a49bdfe405f
linux/linux_kernel: 5.16 rc1 (6 CPE variants)
linux/linux_kernel: 5.14 - 5.15.2

Published: Mar 04, 2024
Tracked Since: Feb 18, 2026