U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2021-47609 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30. Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/4694b1ec425a2d20d6f8ca3db594829fdf5f2672 Patch 
https://git.kernel.org/stable/c/639901b9429a3195e0fead981ed74b51f5f31538 Patch 
https://git.kernel.org/stable/c/7e8645ca2c0046f7cd2f0f7d569fc036c8abaedb Patch 
https://git.kernel.org/stable/c/802a1a8501563714a5fe8824f4ed27fec04a0719 Patch 
https://git.kernel.org/stable/c/865ed67ab955428b9aa771d8b4f1e4fb7fd08945 Patch 
https://git.kernel.org/stable/c/976389cbb16cee46847e5d06250a3a0b5506781e Patch 
https://git.kernel.org/stable/c/f0f484714f35d24ffa0ecb4afe3df1c5b225411d Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2021-47609
NVD Published Date:
06/19/2024
NVD Last Modified:
10/30/2024
Source:
kernel.org