CVE-2021-47101

Advisory lineage Upstream: 0 Downstream: 24
Analyzed
Published: 04 Mar 2024, 18:10
Last modified:11 May 2026, 13:48

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
7.1 HIGH
v3.1 (nvd)
EPSS Score
<0.01% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

04 Mar 2024, 18:10
Published
Vulnerability first disclosed
11 May 2026, 13:48
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asix_mdio_read() asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be uninitialized. Fail log: BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497 BUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497 asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497 asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497

CVSS Metrics

  • v3.1HIGHScore: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 1%

Techniques & Countermeasures

  • CWE-908Use of Uninitialized Resource

    The product uses or accesses a resource that has not been initialized.

Affected Systems

  • linuxlinux

    ≥ d9fe64e511144c1ee7d7555b4111f09dde9692ef, < d259f621c85949f30cc578cac813b82bb5169f56 | ≥ d9fe64e511144c1ee7d7555b4111f09dde9692ef, < 8035b1a2a37a29d8c717ef84fca8fe7278bc9f03 | 4.9

  • linuxlinux_kernel

    ≥ 4.9, < 5.15.12 | 5.16:rc1 | 5.16:rc2 | 5.16:rc3 | 5.16:rc4 | 5.16:rc5 | 5.16:rc6

References (2)