{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2021-47172", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-25T09:12:14.111Z", "datePublished": "2024-03-25T09:16:23.741Z", "dateUpdated": "2026-05-23T15:19:26.911Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-23T15:19:26.911Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7124: Fix potential overflow due to non sequential channel numbers\n\nChannel numbering must start at 0 and then not have any holes, or\nit is possible to overflow the available storage. Note this bug was\nintroduced as part of a fix to ensure we didn't rely on the ordering\nof child nodes. So we need to support arbitrary ordering but they all\nneed to be there somewhere.\n\nNote I hit this when using qemu to test the rest of this series.\nArguably this isn't the best fix, but it is probably the most minimal\noption for backporting etc.\n\nAlexandru's sign-off is here because he carried this patch in a larger\nset that Jonathan then applied." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/iio/adc/ad7124.c" ], "versions": [ { "version": "5408cbc6337300d6f1a87c797273c535ed96305a", "lessThan": "f49149964d2423fb618fb6b755bb1eaa431cca2c", "status": "affected", "versionType": "git" }, { "version": "d7857e4ee1ba69732b16c73b2f2dde83ecd78ee4", "lessThan": "f70122825076117787b91e7f219e21c09f11a5b9", "status": "affected", "versionType": "git" }, { "version": "d7857e4ee1ba69732b16c73b2f2dde83ecd78ee4", "lessThan": "26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc", "status": "affected", "versionType": "git" }, { "version": "d7857e4ee1ba69732b16c73b2f2dde83ecd78ee4", "lessThan": "f2a772c51206b0c3f262e4f6a3812c89a650191b", "status": "affected", "versionType": "git" }, { "version": "5.4.14", "lessThan": "5.4.124", "status": "affected", "versionType": "semver" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/iio/adc/ad7124.c" ], "versions": [ { "version": "5.5", "status": "affected" }, { "version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver" }, { "version": "5.4.124", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.42", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.12.9", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.14", "versionEndExcluding": "5.4.124" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.42" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.12.9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.13" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/f49149964d2423fb618fb6b755bb1eaa431cca2c" }, { "url": "https://git.kernel.org/stable/c/f70122825076117787b91e7f219e21c09f11a5b9" }, { "url": "https://git.kernel.org/stable/c/26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc" }, { "url": "https://git.kernel.org/stable/c/f2a772c51206b0c3f262e4f6a3812c89a650191b" } ], "title": "iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers", "x_generator": { "engine": "bippy-1.2.0" } }, "adp": [ { "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" } ] } ], "metrics": [ { "cvssV3_1": { "scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE" } }, { "other": { "type": "ssvc", "content": { "timestamp": "2024-07-17T17:18:44.850824Z", "id": "CVE-2021-47172", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T15:29:32.072Z" } }, { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:40.144Z" }, "title": "CVE Program Container", "references": [ { "url": "https://git.kernel.org/stable/c/f49149964d2423fb618fb6b755bb1eaa431cca2c", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/f70122825076117787b91e7f219e21c09f11a5b9", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/f2a772c51206b0c3f262e4f6a3812c89a650191b", "tags": [ "x_transferred" ] } ] } ] } }