CVE-2021-47497: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

Published May 22, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITSPERBYTE the logic

p &= GENMASK((cell->nbits%BITSPERBYTE) - 1, 0);

will become undefined behavior because nbits modulo BITSPERBYTE is 0, and we subtract one from that making a large number that is then shifted more than the number of bits that fit into an unsigned long.

UBSAN reports this problem:

UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: eventsunbound deferredprobeworkfunc Call trace: dumpbacktrace+0x0/0x170 showstack+0x24/0x30 dumpstacklvl+0x64/0x7c dumpstack+0x18/0x38 ubsanepilogue+0x10/0x54 ubsanhandleshiftoutofbounds+0x180/0x194 nvmemcellread+0x1ec/0x21c nvmemcellread+0x58/0x94 nvmemcellreadvariablecommon+0x4c/0xb0 nvmemcellreadvariableleu32+0x40/0x100 a6xxgpuinit+0x170/0x2f4 adrenobind+0x174/0x284 componentbindall+0xf0/0x264 msmdrmbind+0x1d8/0x7a0 trytobringupmaster+0x164/0x1ac componentadd+0xbc/0x13c componentadd+0x20/0x2c dpdisplayprobe+0x340/0x384 platformprobe+0xc0/0x100 reallyprobe+0x110/0x304 driverprobedevice+0xb8/0x120 driverprobedevice+0x4c/0xfc deviceattachdriver+0xb0/0x128 busforeachdrv+0x90/0xdc deviceattach+0xc8/0x174 deviceinitialprobe+0x20/0x2c busprobedevice+0x40/0xa4 deferredprobeworkfunc+0x7c/0xb8 processonework+0x128/0x21c processscheduledworks+0x40/0x54 workerthread+0x1ec/0x2a8 kthread+0x138/0x158 retfromfork+0x10/0x20

Fix it by making sure there are any bits to mask out.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

The Linux kernel CVE team has assigned CVE-2021-47497 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052242-CVE-2021-47497-449e@gregkh/T

Red Hat

Affected Software

24 affected componentsFixes available
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
redhat/kernel<4.4.290
4.4.290
redhat/kernel<4.9.288
4.9.288
redhat/kernel<4.14.252
4.14.252
redhat/kernel<4.19.213
4.19.213
redhat/kernel<5.4.155
5.4.155
redhat/kernel<5.10.75
5.10.75
redhat/kernel<5.14.14
5.14.14
redhat/kernel<5.15
5.15
Linux Linux kernel>=4.3<4.4.290
Linux Linux kernel>=4.5<4.9.288
Linux Linux kernel>=4.10<4.14.252
Linux Linux kernel>=4.15<4.19.213
Linux Linux kernel>=4.20<5.4.155
Linux Linux kernel>=5.5<5.10.75
Linux Linux kernel>=5.11<5.14.14
Linux Linux kernel=5.15-rc1
Linux Linux kernel=5.15-rc2
Linux Linux kernel=5.15-rc3
Linux Linux kernel=5.15-rc4
Linux Linux kernel=5.15-rc5

Remediation

Patch Available

https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082

Patch Available

https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae

Patch Available

https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df

Patch Available

https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66

Patch Available

https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9

Patch Available

https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df

Patch Available

https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97

Patch Available

https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca

Event History

May 22, 2024
CVE Published
via MITRE·08:19 AM
Data Sourced
via MITRE·08:19 AM
Description
Data Sourced
via NVD·09:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
May 23, 2024
Data Sourced
via Red Hat·10:15 AM
DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2021-47497?

CVE-2021-47497 has not been assigned a specific severity rating but involves a potential undefined behavior due to a shift-out-of-bounds issue.

2

How do I fix CVE-2021-47497?

To fix CVE-2021-47497, upgrade to the kernel versions 4.4.290, 4.9.288, 4.14.252, 4.19.213, 5.4.155, 5.10.75, 5.14.14, or 5.15.

3

What systems are affected by CVE-2021-47497?

CVE-2021-47497 affects certain versions of the Linux kernel, specifically those prior to the listed remedial versions.

4

Is CVE-2021-47497 exploitable in the wild?

There is currently no public information indicating that CVE-2021-47497 is actively exploited in the wild.

5

What are the potential impacts of CVE-2021-47497?

The potential impacts of CVE-2021-47497 include system instability or crashes due to undefined behavior in the kernel.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203