CVE-2021-47633

UNKNOWN 0.0

ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 The bug was found during fuzzing. Stacktrace locates it in ath5k_eeprom_convert_pcal_info_5111. When none of the curve is selected in the loop, idx can go up to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound. pd = &chinfo[pier].pd_curves[idx]; There are many OOB writes using pd later in the code. So I added a sanity check for idx. Checks for other loops involving AR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not used outside the loops. The patch is NOT tested with real device. The following is the fuzzing report BUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] Write of size 1 at addr ffff8880174a4d60 by task modprobe/214 CPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1 Call Trace: dump_stack+0x76/0xa0 print_address_description.constprop.0+0x16/0x200 ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] __kasan_report.cold+0x37/0x7c ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] kasan_report+0xe/0x20 ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] ? apic_timer_interrupt+0xa/0x20 ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k] ? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k] ath5k_eeprom_init+0x2513/0x6290 [ath5k] ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k] ? usleep_range+0xb8/0x100 ? apic_timer_interrupt+0xa/0x20 ? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k] ath5k_hw_init+0xb60/0x1970 [ath5k] ath5k_init_ah+0x6fe/0x2530 [ath5k] ? kasprintf+0xa6/0xe0 ? ath5k_stop+0x140/0x140 [ath5k] ? _dev_notice+0xf6/0xf6 ? apic_timer_interrupt+0xa/0x20 ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k] ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k] ? mutex_lock+0x89/0xd0 ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k] local_pci_probe+0xd3/0x160 pci_device_probe+0x23f/0x3e0 ? pci_device_remove+0x280/0x280 ? pci_device_remove+0x280/0x280 really_probe+0x209/0x5d0

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Feb 26, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

8e218fb24faef0bfe95bc91b3c05261e20439527 < f4de974019a0adf34d0e7de6b86252f1bd266b06 8e218fb24faef0bfe95bc91b3c05261e20439527 < ed3dfdaa8b5f0579eabfc1c5818eed30cfe1fe84 8e218fb24faef0bfe95bc91b3c05261e20439527 < 25efc5d03455c3839249bc77fce5e29ecb54677e 8e218fb24faef0bfe95bc91b3c05261e20439527 < c4e2f577271e158d87a916afb4e87415a88ce856 8e218fb24faef0bfe95bc91b3c05261e20439527 < 9d7d83d0399e23d66fd431b553842a84ac10398f 8e218fb24faef0bfe95bc91b3c05261e20439527 < be2f81024e7981565d90a4c9ca3067d11b6bca7f 8e218fb24faef0bfe95bc91b3c05261e20439527 < fc8f7752a82f4accb99c0f1a868906ba1eb7b86f 8e218fb24faef0bfe95bc91b3c05261e20439527 < cbd96d6cad6625feba9c8d101ed4977d53e82f8e 8e218fb24faef0bfe95bc91b3c05261e20439527 < 564d4eceb97eaf381dd6ef6470b06377bb50c95a

Linux / Linux

2.6.30

References

NVD ↗ CVE.org ↗ EPSS Data ↗