github - ghsa-4mwj-7h55-4fvc

ghsa-4mwj-7h55-4fvc

Vulnerability from github

Published

2024-05-21 15:31

Modified

2025-04-30 15:30

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

gpio: wcd934x: Fix shift-out-of-bounds error

bit-mask for pins 0 to 4 is BIT(0) to BIT(4) however we ended up with BIT(n - 1) which is not right, and this was caught by below usban check

UBSAN: shift-out-of-bounds in drivers/gpio/gpio-wcd934x.c:34:14

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-47263"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: wcd934x: Fix shift-out-of-bounds error\n\nbit-mask for pins 0 to 4 is BIT(0) to BIT(4) however we ended up with BIT(n - 1)\nwhich is not right, and this was caught by below usban check\n\nUBSAN: shift-out-of-bounds in drivers/gpio/gpio-wcd934x.c:34:14",
  "id": "GHSA-4mwj-7h55-4fvc",
  "modified": "2025-04-30T15:30:43Z",
  "published": "2024-05-21T15:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47263"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dbec64b11c65d74f31427e2b9d5746fbf17bf840"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd55331d493b7ea75c5db1f24d6822946fde2862"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0b518a2eb44d8a74c19e50f79a8ed393e96d634"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2021-47263 (GCVE-0-2021-47263)

Vulnerability from cvelistv5

Published

2024-05-21 14:19

Modified

2025-05-04 07:07

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: gpio: wcd934x: Fix shift-out-of-bounds error bit-mask for pins 0 to 4 is BIT(0) to BIT(4) however we ended up with BIT(n - 1) which is not right, and this was caught by below usban check UBSAN: shift-out-of-bounds in drivers/gpio/gpio-wcd934x.c:34:14

References

►

URL

Tags

	https://git.kernel.org/stable/c/e0b518a2eb44d8a74c19e50f79a8ed393e96d634
	https://git.kernel.org/stable/c/dd55331d493b7ea75c5db1f24d6822946fde2862
	https://git.kernel.org/stable/c/dbec64b11c65d74f31427e2b9d5746fbf17bf840

Impacted products

Vendor

Product

Version

►

Version: 59c324683400b41caa6d85b091e812ee3d5415c3
Version: 59c324683400b41caa6d85b091e812ee3d5415c3
Version: 59c324683400b41caa6d85b091e812ee3d5415c3

Version: 5.6

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47263",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T15:03:36.656989Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T15:03:44.782Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:08.118Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e0b518a2eb44d8a74c19e50f79a8ed393e96d634"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dd55331d493b7ea75c5db1f24d6822946fde2862"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dbec64b11c65d74f31427e2b9d5746fbf17bf840"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpio-wcd934x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e0b518a2eb44d8a74c19e50f79a8ed393e96d634",
              "status": "affected",
              "version": "59c324683400b41caa6d85b091e812ee3d5415c3",
              "versionType": "git"
            },
            {
              "lessThan": "dd55331d493b7ea75c5db1f24d6822946fde2862",
              "status": "affected",
              "version": "59c324683400b41caa6d85b091e812ee3d5415c3",
              "versionType": "git"
            },
            {
              "lessThan": "dbec64b11c65d74f31427e2b9d5746fbf17bf840",
              "status": "affected",
              "version": "59c324683400b41caa6d85b091e812ee3d5415c3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpio-wcd934x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.44",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.11",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: wcd934x: Fix shift-out-of-bounds error\n\nbit-mask for pins 0 to 4 is BIT(0) to BIT(4) however we ended up with BIT(n - 1)\nwhich is not right, and this was caught by below usban check\n\nUBSAN: shift-out-of-bounds in drivers/gpio/gpio-wcd934x.c:34:14"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:07:28.795Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e0b518a2eb44d8a74c19e50f79a8ed393e96d634"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd55331d493b7ea75c5db1f24d6822946fde2862"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbec64b11c65d74f31427e2b9d5746fbf17bf840"
        }
      ],
      "title": "gpio: wcd934x: Fix shift-out-of-bounds error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47263",
    "datePublished": "2024-05-21T14:19:55.318Z",
    "dateReserved": "2024-05-21T13:27:52.126Z",
    "dateUpdated": "2025-05-04T07:07:28.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.