CVE-2021-47286

HIGH

Linux Kernel 5.7-5.10.54 5.13.6-5.13.* 5.14 - Out-of-bounds Write in MHI Channel ID Validation

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound accesses, add a check against the maximum number of channels supported by the controller and those channels not configured yet so as to skip processing of that event ring element.

Scores

CVSS v3 7.8
EPSS 0.0023
EPSS Percentile 13.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (10)
Linux/Linux < 5.7
Linux/Linux 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 - 3efec3b4b16fc7af25676a94230a8ab2a3bb867c
Linux/Linux 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 - 546362a9ef2ef40b57c6605f14e88ced507f8dd0
Linux/Linux 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 - aed4f5b51aba41e2afd7cfda20a0571a6a67dfe9
Linux/Linux 5.10.54 - 5.10.*
Linux/Linux 5.13.6 - 5.13.*
Linux/Linux 5.14
Linux/Linux 5.7
linux/linux_kernel 5.14 rc1 (2 CPE variants)
linux/linux_kernel 5.7 - 5.10.54
Published May 21, 2024
Tracked Since Feb 18, 2026