CVE-2021-47286
HIGHLinux Kernel 5.7-5.10.54 5.13.6-5.13.* 5.14 - Out-of-bounds Write in MHI Channel ID Validation
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound accesses, add a check against the maximum number of channels supported by the controller and those channels not configured yet so as to skip processing of that event ring element.
References (3)
Core 3
Scores
CVSS v3
7.8
EPSS
0.0023
EPSS Percentile
13.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (10)
Linux/Linux
< 5.7
Linux/Linux
1d3173a3bae7039b765a0956e3e4bf846dbaacb8 - 3efec3b4b16fc7af25676a94230a8ab2a3bb867c
Linux/Linux
1d3173a3bae7039b765a0956e3e4bf846dbaacb8 - 546362a9ef2ef40b57c6605f14e88ced507f8dd0
Linux/Linux
1d3173a3bae7039b765a0956e3e4bf846dbaacb8 - aed4f5b51aba41e2afd7cfda20a0571a6a67dfe9
Linux/Linux
5.10.54 - 5.10.*
Linux/Linux
5.13.6 - 5.13.*
Linux/Linux
5.14
Linux/Linux
5.7
linux/linux_kernel
5.14 rc1 (2 CPE variants)
linux/linux_kernel
5.7 - 5.10.54
Published
May 21, 2024
Tracked Since
Feb 18, 2026