Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2021-47202

Disclosure Date: April 10, 2024 •

CVE-2021-47202 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

thermal: Fix NULL pointer dereferences in ofthermal functions

of_parse_thermal_zones() parses the thermal-zones node and registers a
thermal_zone device for each subnode. However, if a thermal zone is
consuming a thermal sensor and that thermal sensor device hasn’t probed
yet, an attempt to set trippoint*_temp for that thermal zone device
can cause a NULL pointer dereference. Fix it.

console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp
…
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
…
Call trace:
of_thermal_set_trip_temp+0x40/0xc4
trip_point_temp_store+0xc0/0x1dc
dev_attr_store+0x38/0x88
sysfs_kf_write+0x64/0xc0
kernfs_fop_write_iter+0x108/0x1d0
vfs_write+0x2f4/0x368
ksys_write+0x7c/0xec
__arm64_sys_write+0x20/0x30
el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc
do_el0_svc+0x28/0xa0
el0_svc+0x14/0x24
el0_sync_handler+0x88/0xec
el0_sync+0x1c0/0x200

While at it, fix the possible NULL pointer dereference in other
functions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(),
of_thermal_get_trend().

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

References

Canonical

CVE-2021-47202 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47202)

Miscellaneous

https://git.kernel.org/stable/c/828f4c31684da94ecf0b44a2cbd35bbede04f0bd

https://git.kernel.org/stable/c/6a315471cb6a07f651e1d3adc8962730f4fcccac

https://git.kernel.org/stable/c/0750f769b95841b34a9fe8c418dd792ff526bf86

https://git.kernel.org/stable/c/ef2590a5305e0b8e9342f84c2214aa478ee7f28e

https://git.kernel.org/stable/c/96cfe05051fd8543cdedd6807ec59a0e6c409195

Rapid7

Unknown

CVE-2021-47202

Unknown

Unknown

None

Low

Local

CVE-2021-47202

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2021-47202

Unknown

Unknown

None

Low

Local

CVE-2021-47202

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification