CVE-2021-47202

Advisory lineage Upstream: 0 Downstream: 17

Downstream

DEBIAN-CVE-2021-47202 SUSE-SU-2024:1465-1 SUSE-SU-2024:1641-1 SUSE-SU-2024:1642-1 SUSE-SU-2024:1643-1 SUSE-SU-2024:1644-1

Analyzed

Published: 10 Apr 2024, 18:56

Last modified:11 May 2026, 13:49

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

10 Apr 2024, 18:56

Published

Vulnerability first disclosed

11 May 2026, 13:49

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consuming a thermal sensor and that thermal sensor device hasn't probed yet, an attempt to set trip_point_*_temp for that thermal zone device can cause a NULL pointer dereference. Fix it. console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp ... Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ... Call trace: of_thermal_set_trip_temp+0x40/0xc4 trip_point_temp_store+0xc0/0x1dc dev_attr_store+0x38/0x88 sysfs_kf_write+0x64/0xc0 kernfs_fop_write_iter+0x108/0x1d0 vfs_write+0x2f4/0x368 ksys_write+0x7c/0xec __arm64_sys_write+0x20/0x30 el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc do_el0_svc+0x28/0xa0 el0_svc+0x14/0x24 el0_sync_handler+0x88/0xec el0_sync+0x1c0/0x200 While at it, fix the possible NULL pointer dereference in other functions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend().

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 4%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ 2251aef64a38db60f4ae7a4a83f9203c6791f196, < 828f4c31684da94ecf0b44a2cbd35bbede04f0bd | ≥ 2251aef64a38db60f4ae7a4a83f9203c6791f196, < 6a315471cb6a07f651e1d3adc8962730f4fcccac | ≥ 2251aef64a38db60f4ae7a4a83f9203c6791f196, < 0750f769b95841b34a9fe8c418dd792ff526bf86 | ≥ 2251aef64a38db60f4ae7a4a83f9203c6791f196, < ef2590a5305e0b8e9342f84c2214aa478ee7f28e | ≥ 2251aef64a38db60f4ae7a4a83f9203c6791f196, < 96cfe05051fd8543cdedd6807ec59a0e6c409195 | 3.19
linux•linux_kernel
< 5.4.210 | ≥ 5.5, < 5.10.81 | ≥ 5.11, < 5.14.21 | ≥ 5.15, < 5.15.4