CVE-2021-47497

一、漏洞信息
 漏洞编号：[CVE-2021-47497](https://nvd.nist.gov/vuln/detail/CVE-2021-47497)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0,6.6.0
 CVSS V3.0分值：
  BaseScore：0.0 None
  Vector：CVSS：3.0/
 漏洞简述：
  In the Linux kernel, the following vulnerability has been resolved:nvmem: Fix shift-out-of-bound (UBSAN) with byte size cellsIf a cell has  nbits  equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and wesubtract one from that making a large number that is then shifted more than thenumber of bits that fit into an unsigned long.UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type  unsigned long  CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: events_unbound deferred_probe_work_func Call trace:  dump_backtrace+0x0/0x170  show_stack+0x24/0x30  dump_stack_lvl+0x64/0x7c  dump_stack+0x18/0x38  ubsan_epilogue+0x10/0x54  __ubsan_handle_shift_out_of_bounds+0x180/0x194  __nvmem_cell_read+0x1ec/0x21c  nvmem_cell_read+0x58/0x94  nvmem_cell_read_variable_common+0x4c/0xb0  nvmem_cell_read_variable_le_u32+0x40/0x100  a6xx_gpu_init+0x170/0x2f4  adreno_bind+0x174/0x284  component_bind_all+0xf0/0x264  msm_drm_bind+0x1d8/0x7a0  try_to_bring_up_master+0x164/0x1ac  __component_add+0xbc/0x13c  component_add+0x20/0x2c  dp_display_probe+0x340/0x384  platform_probe+0xc0/0x100  really_probe+0x110/0x304  __driver_probe_device+0xb8/0x120  driver_probe_device+0x4c/0xfc  __device_attach_driver+0xb0/0x128  bus_for_each_drv+0x90/0xdc  __device_attach+0xc8/0x174  device_initial_probe+0x20/0x2c  bus_probe_device+0x40/0xa4  deferred_probe_work_func+0x7c/0xb8  process_one_work+0x128/0x21c  process_scheduled_works+0x40/0x54  worker_thread+0x1ec/0x2a8  kthread+0x138/0x158  ret_from_fork+0x10/0x20Fix it by making sure there are any bits to mask out.
 漏洞公开时间：2024-05-22 17:15:11
 漏洞创建时间：2024-05-22 09:27:05
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2021-47497
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca |  |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47497 | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2021-47497 | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| suse_bugzilla | https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082 | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| suse_bugzilla | https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| suse_bugzilla | https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| suse_bugzilla | https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66 | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| suse_bugzilla | https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| suse_bugzilla | https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| suse_bugzilla | https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97 | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| suse_bugzilla | https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| suse_bugzilla | https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47497.mbox | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2282918 | https://bugzilla.suse.com/show_bug.cgi?id=1225355 |
| redhat_bugzilla | https://lore.kernel.org/linux-cve-announce/2024052242-CVE-2021-47497-449e@gregkh/T | https://bugzilla.redhat.com/show_bug.cgi?id=2282918 |
| ubuntu | https://www.cve.org/CVERecord?id=CVE-2021-47497 | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://git.kernel.org/linus/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 (5.15-rc6) | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97 | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082 | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66 | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2021-47497 | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2021-47497 | https://ubuntu.com/security/CVE-2021-47497 |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2021-47497 | https://ubuntu.com/security/CVE-2021-47497 |
| anolis |  | https://anas.openanolis.cn/cves/detail/CVE-2021-47497 |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其它
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| linux |  | https://git.kernel.org/linus/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 | https://git.kernel.org/linus/69aba7948cbe53f2f1827e84e9dd0ae470a5072e | ubuntu |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  In the Linux kernel, the following vulnerability has been resolved:nvmem: Fix shift-out-of-bound (UBSAN) with byte size cellsIf a cell has  nbits  equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and wesubtract one from that making a large number that is then shifted more than thenumber of bits that fit into an unsigned long.UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type  unsigned long  CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: events_unbound deferred_probe_work_func Call trace:  dump_backtrace+0x0/0x170  show_stack+0x24/0x30  dump_stack_lvl+0x64/0x7c  dump_stack+0x18/0x38  ubsan_epilogue+0x10/0x54  __ubsan_handle_shift_out_of_bounds+0x180/0x194  __nvmem_cell_read+0x1ec/0x21c  nvmem_cell_read+0x58/0x94  nvmem_cell_read_variable_common+0x4c/0xb0  nvmem_cell_read_variable_le_u32+0x40/0x100  a6xx_gpu_init+0x170/0x2f4  adreno_bind+0x174/0x284  component_bind_all+0xf0/0x264  msm_drm_bind+0x1d8/0x7a0  try_to_bring_up_master+0x164/0x1ac  __component_add+0xbc/0x13c  component_add+0x20/0x2c  dp_display_probe+0x340/0x384  platform_probe+0xc0/0x100  really_probe+0x110/0x304  __driver_probe_device+0xb8/0x120  driver_probe_device+0x4c/0xfc  __device_attach_driver+0xb0/0x128  bus_for_each_drv+0x90/0xdc  __device_attach+0xc8/0x174  device_initial_probe+0x20/0x2c  bus_probe_device+0x40/0xa4  deferred_probe_work_func+0x7c/0xb8  process_one_work+0x128/0x21c  process_scheduled_works+0x40/0x54  worker_thread+0x1ec/0x2a8  kthread+0x138/0x158  ret_from_fork+0x10/0x20Fix it by making sure there are any bits to mask out.
 openEuler评分：
  4.4
 Vector：CVSS：3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP4(4.19.90):受影响
2.openEuler-22.03-LTS-SP1(5.10.0):不受影响
3.openEuler-22.03-LTS-SP3(5.10.0):不受影响
4.openEuler-22.03-LTS-SP4(5.10.0):不受影响
5.master(6.6.0):不受影响
6.openEuler-24.03-LTS(6.6.0):不受影响
7.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP1(5.10.0):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.master(6.6.0):否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-22.03-LTS-SP4(5.10.0):否

原因说明：
  1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP1(5.10.0):
4.openEuler-22.03-LTS-SP3(5.10.0):
5.openEuler-22.03-LTS-SP4(5.10.0):
6.openEuler-24.03-LTS(6.6.0):
7.openEuler-24.03-LTS-Next(6.6.0):

@yangyingliang ,@jiaoff ,@guohaocs2c ,@hanjun-guo ,@woqidaideshi ,@newbeats ,@zhangyi089 ,@colyli ,@thundertown ,@htforge ,@chiqijun ,@lengchao ,@zhujianwei001 ,@kylin-mayukun ,@wangxiongfeng ,@wkfxxx ,@SuperSix173 ,@jentlestea ,@oskernel0719 ,@gasonchen 
**issue处理注意事项:** 
**1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;**
**2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;**
**3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否))不能省略,省略后cve-manager将无法正常解析填写内容.**
************************************************************************
影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响): 
1.master(6.1.0):
2.openEuler-20.03-LTS-SP1(4.19.90):
3.openEuler-20.03-LTS-SP4(4.19.90):
4.openEuler-22.03-LTS(5.10.0):
5.openEuler-22.03-LTS-Next(5.10.0):
6.openEuler-22.03-LTS-SP1(5.10.0):
7.openEuler-22.03-LTS-SP2(5.10.0):
8.openEuler-22.03-LTS-SP3(5.10.0):
9.openEuler-22.03-LTS-SP4:
10.openEuler-24.03-LTS:
11.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：
1.master(6.1.0):
2.openEuler-20.03-LTS-SP1(4.19.90):
3.openEuler-20.03-LTS-SP4(4.19.90):
4.openEuler-22.03-LTS(5.10.0):
5.openEuler-22.03-LTS-Next(5.10.0):
6.openEuler-22.03-LTS-SP1(5.10.0):
7.openEuler-22.03-LTS-SP2(5.10.0):
8.openEuler-22.03-LTS-SP3(5.10.0):
9.openEuler-22.03-LTS-SP4:
10.openEuler-24.03-LTS:
11.openEuler-24.03-LTS-Next:

-----------------------------------------------------------------------
issue处理具体操作请参考: 
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

Hi openeuler-ci-bot, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers.

参考网址	关联pr	状态	补丁链接
https://nvd.nist.gov/vuln/detail/CVE-2021-47497	None	None	https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97 https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66 https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082
https://ubuntu.com/security/CVE-2021-47497	None	None	https://discourse.ubuntu.com/c/ubuntu-pro
https://www.opencve.io/cve/CVE-2021-47497	None	None	https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97 https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66 https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-47497
https://security-tracker.debian.org/tracker/CVE-2021-47497	None	None	https://git.kernel.org/linus/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9

说明：补丁链接仅供初步排查参考，实际可用性请人工再次确认，补丁下载验证可使用CVE补丁工具。
若补丁不准确，烦请在此issue下评论 '/report-patch 参考网址补丁链接1,补丁链接2' 反馈正确信息，便于我们不断优化工具，不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1

CVE-2021-47497

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic

*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);

will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we
subtract one from that making a large number that is then shifted more than the
number of bits that fit into an unsigned long.

UBSAN reports this problem:

UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8
 shift exponent 64 is too large for 64-bit type 'unsigned long'
 CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9
 Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
 Workqueue: events_unbound deferred_probe_work_func
 Call trace:
  dump_backtrace+0x0/0x170
  show_stack+0x24/0x30
  dump_stack_lvl+0x64/0x7c
  dump_stack+0x18/0x38
  ubsan_epilogue+0x10/0x54
  __ubsan_handle_shift_out_of_bounds+0x180/0x194
  __nvmem_cell_read+0x1ec/0x21c
  nvmem_cell_read+0x58/0x94
  nvmem_cell_read_variable_common+0x4c/0xb0
  nvmem_cell_read_variable_le_u32+0x40/0x100
  a6xx_gpu_init+0x170/0x2f4
  adreno_bind+0x174/0x284
  component_bind_all+0xf0/0x264
  msm_drm_bind+0x1d8/0x7a0
  try_to_bring_up_master+0x164/0x1ac
  __component_add+0xbc/0x13c
  component_add+0x20/0x2c
  dp_display_probe+0x340/0x384
  platform_probe+0xc0/0x100
  really_probe+0x110/0x304
  __driver_probe_device+0xb8/0x120
  driver_probe_device+0x4c/0xfc
  __device_attach_driver+0xb0/0x128
  bus_for_each_drv+0x90/0xdc
  __device_attach+0xc8/0x174
  device_initial_probe+0x20/0x2c
  bus_probe_device+0x40/0xa4
  deferred_probe_work_func+0x7c/0xb8
  process_one_work+0x128/0x21c
  process_scheduled_works+0x40/0x54
  worker_thread+0x1ec/0x2a8
  kthread+0x138/0x158
  ret_from_fork+0x10/0x20

Fix it by making sure there are any bits to mask out.

openEuler评分:(评分和向量)
5.5
CVSS: 3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS:受影响
4.openEuler-22.03-LTS-SP1:受影响
5.openEuler-22.03-LTS-SP2:受影响
6.openEuler-22.03-LTS-SP3:受影响
7.openEuler-22.03-LTS-SP4:不受影响8.master(6.1.0):不受影响
9.openEuler-22.03-LTS-Next:不受影响
10.openEuler-24.03-LTS:不受影响
11.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next:否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否
11.openEuler-22.03-LTS-SP4:否

@ 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 需分析 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|In the Linux kernel, the following vulnerability has been resolved:nvmem: Fix shift-out-of-bound (UBSAN) with byte size cellsIf a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and wesubtract one from that making a large number that is then shifted more than thenumber of bits that fit into an unsigned long.UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: events_unbound deferred_probe_work_func Call trace:  dump_backtrace+0x0/0x170  show_stack+0x24/0x30  dump_stack_lvl+0x64/0x7c  dump_stack+0x18/0x38  ubsan_epilogue+0x10/0x54  __ubsan_handle_shift_out_of_bounds+0x180/0x194  __nvmem_cell_read+0x1ec/0x21c  nvmem_cell_read+0x58/0x94  nvmem_cell_read_variable_common+0x4c/0xb0  nvmem_cell_read_variable_le_u32+0x40/0x100  a6xx_gpu_init+0x170/0x2f4  adreno_bind+0x174/0x284  component_bind_all+0xf0/0x264  msm_drm_bind+0x1d8/0x7a0  try_to_bring_up_master+0x164/0x1ac  __component_add+0xbc/0x13c  component_add+0x20/0x2c  dp_display_probe+0x340/0x384  platform_probe+0xc0/0x100  really_probe+0x110/0x304  __driver_probe_device+0xb8/0x120  driver_probe_device+0x4c/0xfc  __device_attach_driver+0xb0/0x128  bus_for_each_drv+0x90/0xdc  __device_attach+0xc8/0x174  device_initial_probe+0x20/0x2c  bus_probe_device+0x40/0xa4  deferred_probe_work_func+0x7c/0xb8  process_one_work+0x128/0x21c  process_scheduled_works+0x40/0x54  worker_thread+0x1ec/0x2a8  kthread+0x138/0x158  ret_from_fork+0x10/0x20Fix it by making sure there are any bits to mask out.|
|已分析|2.openEulerScore|5.5|
|已分析|3.openEulerVector|AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP1:受影响,openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS:受影响,openEuler-22.03-LTS-SP1:受影响,openEuler-22.03-LTS-SP2:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS-SP4:不受影响,master:不受影响,openEuler-22.03-LTS-Next:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.修复是否涉及abi变化|openEuler-20.03-LTS-SP1:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS:否,openEuler-22.03-LTS-SP1:否,openEuler-22.03-LTS-SP2:否,openEuler-22.03-LTS-SP3:否,master:否,openEuler-22.03-LTS-Next:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-22.03-LTS-SP4:否|

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

CVE-2021-47497

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic

*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);

will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we
subtract one from that making a large number that is then shifted more than the
number of bits that fit into an unsigned long.

UBSAN reports this problem:

UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8
 shift exponent 64 is too large for 64-bit type 'unsigned long'
 CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9
 Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
 Workqueue: events_unbound deferred_probe_work_func
 Call trace:
  dump_backtrace+0x0/0x170
  show_stack+0x24/0x30
  dump_stack_lvl+0x64/0x7c
  dump_stack+0x18/0x38
  ubsan_epilogue+0x10/0x54
  __ubsan_handle_shift_out_of_bounds+0x180/0x194
  __nvmem_cell_read+0x1ec/0x21c
  nvmem_cell_read+0x58/0x94
  nvmem_cell_read_variable_common+0x4c/0xb0
  nvmem_cell_read_variable_le_u32+0x40/0x100
  a6xx_gpu_init+0x170/0x2f4
  adreno_bind+0x174/0x284
  component_bind_all+0xf0/0x264
  msm_drm_bind+0x1d8/0x7a0
  try_to_bring_up_master+0x164/0x1ac
  __component_add+0xbc/0x13c
  component_add+0x20/0x2c
  dp_display_probe+0x340/0x384
  platform_probe+0xc0/0x100
  really_probe+0x110/0x304
  __driver_probe_device+0xb8/0x120
  driver_probe_device+0x4c/0xfc
  __device_attach_driver+0xb0/0x128
  bus_for_each_drv+0x90/0xdc
  __device_attach+0xc8/0x174
  device_initial_probe+0x20/0x2c
  bus_probe_device+0x40/0xa4
  deferred_probe_work_func+0x7c/0xb8
  process_one_work+0x128/0x21c
  process_scheduled_works+0x40/0x54
  worker_thread+0x1ec/0x2a8
  kthread+0x138/0x158
  ret_from_fork+0x10/0x20

Fix it by making sure there are any bits to mask out.

openEuler评分:(评分和向量)
5.5
CVSS: 3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS:受影响
4.openEuler-22.03-LTS-SP1:受影响
5.openEuler-22.03-LTS-SP2:受影响
6.openEuler-22.03-LTS-SP3:受影响
7.openEuler-22.03-LTS-SP4:不受影响8.master(6.1.0):不受影响
9.openEuler-22.03-LTS-Next:不受影响
10.openEuler-24.03-LTS:不受影响
11.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next:否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否
11.openEuler-22.03-LTS-SP4:否

@ 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 需分析 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|In the Linux kernel, the following vulnerability has been resolved:nvmem: Fix shift-out-of-bound (UBSAN) with byte size cellsIf a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and wesubtract one from that making a large number that is then shifted more than thenumber of bits that fit into an unsigned long.UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: events_unbound deferred_probe_work_func Call trace:  dump_backtrace+0x0/0x170  show_stack+0x24/0x30  dump_stack_lvl+0x64/0x7c  dump_stack+0x18/0x38  ubsan_epilogue+0x10/0x54  __ubsan_handle_shift_out_of_bounds+0x180/0x194  __nvmem_cell_read+0x1ec/0x21c  nvmem_cell_read+0x58/0x94  nvmem_cell_read_variable_common+0x4c/0xb0  nvmem_cell_read_variable_le_u32+0x40/0x100  a6xx_gpu_init+0x170/0x2f4  adreno_bind+0x174/0x284  component_bind_all+0xf0/0x264  msm_drm_bind+0x1d8/0x7a0  try_to_bring_up_master+0x164/0x1ac  __component_add+0xbc/0x13c  component_add+0x20/0x2c  dp_display_probe+0x340/0x384  platform_probe+0xc0/0x100  really_probe+0x110/0x304  __driver_probe_device+0xb8/0x120  driver_probe_device+0x4c/0xfc  __device_attach_driver+0xb0/0x128  bus_for_each_drv+0x90/0xdc  __device_attach+0xc8/0x174  device_initial_probe+0x20/0x2c  bus_probe_device+0x40/0xa4  deferred_probe_work_func+0x7c/0xb8  process_one_work+0x128/0x21c  process_scheduled_works+0x40/0x54  worker_thread+0x1ec/0x2a8  kthread+0x138/0x158  ret_from_fork+0x10/0x20Fix it by making sure there are any bits to mask out.|
|已分析|2.openEulerScore|5.5|
|已分析|3.openEulerVector|AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP1:受影响,openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS:受影响,openEuler-22.03-LTS-SP1:受影响,openEuler-22.03-LTS-SP2:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS-SP4:不受影响,master:不受影响,openEuler-22.03-LTS-Next:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.修复是否涉及abi变化|openEuler-20.03-LTS-SP1:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS:否,openEuler-22.03-LTS-SP1:否,openEuler-22.03-LTS-SP2:否,openEuler-22.03-LTS-SP3:否,master:否,openEuler-22.03-LTS-Next:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-22.03-LTS-SP4:否|

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

CVE-2021-47497

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic

*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);

will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we
subtract one from that making a large number that is then shifted more than the
number of bits that fit into an unsigned long.

UBSAN reports this problem:

UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8
 shift exponent 64 is too large for 64-bit type 'unsigned long'
 CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9
 Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
 Workqueue: events_unbound deferred_probe_work_func
 Call trace:
  dump_backtrace+0x0/0x170
  show_stack+0x24/0x30
  dump_stack_lvl+0x64/0x7c
  dump_stack+0x18/0x38
  ubsan_epilogue+0x10/0x54
  __ubsan_handle_shift_out_of_bounds+0x180/0x194
  __nvmem_cell_read+0x1ec/0x21c
  nvmem_cell_read+0x58/0x94
  nvmem_cell_read_variable_common+0x4c/0xb0
  nvmem_cell_read_variable_le_u32+0x40/0x100
  a6xx_gpu_init+0x170/0x2f4
  adreno_bind+0x174/0x284
  component_bind_all+0xf0/0x264
  msm_drm_bind+0x1d8/0x7a0
  try_to_bring_up_master+0x164/0x1ac
  __component_add+0xbc/0x13c
  component_add+0x20/0x2c
  dp_display_probe+0x340/0x384
  platform_probe+0xc0/0x100
  really_probe+0x110/0x304
  __driver_probe_device+0xb8/0x120
  driver_probe_device+0x4c/0xfc
  __device_attach_driver+0xb0/0x128
  bus_for_each_drv+0x90/0xdc
  __device_attach+0xc8/0x174
  device_initial_probe+0x20/0x2c
  bus_probe_device+0x40/0xa4
  deferred_probe_work_func+0x7c/0xb8
  process_one_work+0x128/0x21c
  process_scheduled_works+0x40/0x54
  worker_thread+0x1ec/0x2a8
  kthread+0x138/0x158
  ret_from_fork+0x10/0x20

Fix it by making sure there are any bits to mask out.

openEuler评分:(评分和向量)
5.5
CVSS: 3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS:受影响
4.openEuler-22.03-LTS-SP1:受影响
5.openEuler-22.03-LTS-SP2:受影响
6.openEuler-22.03-LTS-SP3:受影响
7.openEuler-22.03-LTS-SP4:不受影响8.master(6.1.0):不受影响
9.openEuler-22.03-LTS-Next:不受影响
10.openEuler-24.03-LTS:不受影响
11.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next:否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否
11.openEuler-22.03-LTS-SP4:否

@ 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 需分析 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|In the Linux kernel, the following vulnerability has been resolved:nvmem: Fix shift-out-of-bound (UBSAN) with byte size cellsIf a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and wesubtract one from that making a large number that is then shifted more than thenumber of bits that fit into an unsigned long.UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: events_unbound deferred_probe_work_func Call trace:  dump_backtrace+0x0/0x170  show_stack+0x24/0x30  dump_stack_lvl+0x64/0x7c  dump_stack+0x18/0x38  ubsan_epilogue+0x10/0x54  __ubsan_handle_shift_out_of_bounds+0x180/0x194  __nvmem_cell_read+0x1ec/0x21c  nvmem_cell_read+0x58/0x94  nvmem_cell_read_variable_common+0x4c/0xb0  nvmem_cell_read_variable_le_u32+0x40/0x100  a6xx_gpu_init+0x170/0x2f4  adreno_bind+0x174/0x284  component_bind_all+0xf0/0x264  msm_drm_bind+0x1d8/0x7a0  try_to_bring_up_master+0x164/0x1ac  __component_add+0xbc/0x13c  component_add+0x20/0x2c  dp_display_probe+0x340/0x384  platform_probe+0xc0/0x100  really_probe+0x110/0x304  __driver_probe_device+0xb8/0x120  driver_probe_device+0x4c/0xfc  __device_attach_driver+0xb0/0x128  bus_for_each_drv+0x90/0xdc  __device_attach+0xc8/0x174  device_initial_probe+0x20/0x2c  bus_probe_device+0x40/0xa4  deferred_probe_work_func+0x7c/0xb8  process_one_work+0x128/0x21c  process_scheduled_works+0x40/0x54  worker_thread+0x1ec/0x2a8  kthread+0x138/0x158  ret_from_fork+0x10/0x20Fix it by making sure there are any bits to mask out.|
|已分析|2.openEulerScore|5.5|
|已分析|3.openEulerVector|AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP1:受影响,openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS:受影响,openEuler-22.03-LTS-SP1:受影响,openEuler-22.03-LTS-SP2:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS-SP4:不受影响,master:不受影响,openEuler-22.03-LTS-Next:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.修复是否涉及abi变化|openEuler-20.03-LTS-SP1:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS:否,openEuler-22.03-LTS-SP1:否,openEuler-22.03-LTS-SP2:否,openEuler-22.03-LTS-SP3:否,master:否,openEuler-22.03-LTS-Next:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-22.03-LTS-SP4:否|

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

CVE-2021-47497

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic

*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);

will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we
subtract one from that making a large number that is then shifted more than the
number of bits that fit into an unsigned long.

UBSAN reports this problem:

UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8
 shift exponent 64 is too large for 64-bit type 'unsigned long'
 CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9
 Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
 Workqueue: events_unbound deferred_probe_work_func
 Call trace:
  dump_backtrace+0x0/0x170
  show_stack+0x24/0x30
  dump_stack_lvl+0x64/0x7c
  dump_stack+0x18/0x38
  ubsan_epilogue+0x10/0x54
  __ubsan_handle_shift_out_of_bounds+0x180/0x194
  __nvmem_cell_read+0x1ec/0x21c
  nvmem_cell_read+0x58/0x94
  nvmem_cell_read_variable_common+0x4c/0xb0
  nvmem_cell_read_variable_le_u32+0x40/0x100
  a6xx_gpu_init+0x170/0x2f4
  adreno_bind+0x174/0x284
  component_bind_all+0xf0/0x264
  msm_drm_bind+0x1d8/0x7a0
  try_to_bring_up_master+0x164/0x1ac
  __component_add+0xbc/0x13c
  component_add+0x20/0x2c
  dp_display_probe+0x340/0x384
  platform_probe+0xc0/0x100
  really_probe+0x110/0x304
  __driver_probe_device+0xb8/0x120
  driver_probe_device+0x4c/0xfc
  __device_attach_driver+0xb0/0x128
  bus_for_each_drv+0x90/0xdc
  __device_attach+0xc8/0x174
  device_initial_probe+0x20/0x2c
  bus_probe_device+0x40/0xa4
  deferred_probe_work_func+0x7c/0xb8
  process_one_work+0x128/0x21c
  process_scheduled_works+0x40/0x54
  worker_thread+0x1ec/0x2a8
  kthread+0x138/0x158
  ret_from_fork+0x10/0x20

Fix it by making sure there are any bits to mask out.

openEuler评分:(评分和向量)
5.5
CVSS: 3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS:受影响
4.openEuler-22.03-LTS-SP1:受影响
5.openEuler-22.03-LTS-SP2:受影响
6.openEuler-22.03-LTS-SP3:受影响
7.openEuler-22.03-LTS-SP4:不受影响8.master(6.1.0):不受影响
9.openEuler-22.03-LTS-Next:不受影响
10.openEuler-24.03-LTS:不受影响
11.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next:否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否
11.openEuler-22.03-LTS-SP4:否

@ 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 需分析 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|In the Linux kernel, the following vulnerability has been resolved:nvmem: Fix shift-out-of-bound (UBSAN) with byte size cellsIf a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and wesubtract one from that making a large number that is then shifted more than thenumber of bits that fit into an unsigned long.UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: events_unbound deferred_probe_work_func Call trace:  dump_backtrace+0x0/0x170  show_stack+0x24/0x30  dump_stack_lvl+0x64/0x7c  dump_stack+0x18/0x38  ubsan_epilogue+0x10/0x54  __ubsan_handle_shift_out_of_bounds+0x180/0x194  __nvmem_cell_read+0x1ec/0x21c  nvmem_cell_read+0x58/0x94  nvmem_cell_read_variable_common+0x4c/0xb0  nvmem_cell_read_variable_le_u32+0x40/0x100  a6xx_gpu_init+0x170/0x2f4  adreno_bind+0x174/0x284  component_bind_all+0xf0/0x264  msm_drm_bind+0x1d8/0x7a0  try_to_bring_up_master+0x164/0x1ac  __component_add+0xbc/0x13c  component_add+0x20/0x2c  dp_display_probe+0x340/0x384  platform_probe+0xc0/0x100  really_probe+0x110/0x304  __driver_probe_device+0xb8/0x120  driver_probe_device+0x4c/0xfc  __device_attach_driver+0xb0/0x128  bus_for_each_drv+0x90/0xdc  __device_attach+0xc8/0x174  device_initial_probe+0x20/0x2c  bus_probe_device+0x40/0xa4  deferred_probe_work_func+0x7c/0xb8  process_one_work+0x128/0x21c  process_scheduled_works+0x40/0x54  worker_thread+0x1ec/0x2a8  kthread+0x138/0x158  ret_from_fork+0x10/0x20Fix it by making sure there are any bits to mask out.|
|已分析|2.openEulerScore|5.5|
|已分析|3.openEulerVector|AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP1:受影响,openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS:受影响,openEuler-22.03-LTS-SP1:受影响,openEuler-22.03-LTS-SP2:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS-SP4:不受影响,master:不受影响,openEuler-22.03-LTS-Next:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.修复是否涉及abi变化|openEuler-20.03-LTS-SP1:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS:否,openEuler-22.03-LTS-SP1:否,openEuler-22.03-LTS-SP2:否,openEuler-22.03-LTS-SP3:否,master:否,openEuler-22.03-LTS-Next:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-22.03-LTS-SP4:否|

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

CVE-2021-47497

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic

*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);

will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we
subtract one from that making a large number that is then shifted more than the
number of bits that fit into an unsigned long.

UBSAN reports this problem:

UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8
 shift exponent 64 is too large for 64-bit type 'unsigned long'
 CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9
 Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
 Workqueue: events_unbound deferred_probe_work_func
 Call trace:
  dump_backtrace+0x0/0x170
  show_stack+0x24/0x30
  dump_stack_lvl+0x64/0x7c
  dump_stack+0x18/0x38
  ubsan_epilogue+0x10/0x54
  __ubsan_handle_shift_out_of_bounds+0x180/0x194
  __nvmem_cell_read+0x1ec/0x21c
  nvmem_cell_read+0x58/0x94
  nvmem_cell_read_variable_common+0x4c/0xb0
  nvmem_cell_read_variable_le_u32+0x40/0x100
  a6xx_gpu_init+0x170/0x2f4
  adreno_bind+0x174/0x284
  component_bind_all+0xf0/0x264
  msm_drm_bind+0x1d8/0x7a0
  try_to_bring_up_master+0x164/0x1ac
  __component_add+0xbc/0x13c
  component_add+0x20/0x2c
  dp_display_probe+0x340/0x384
  platform_probe+0xc0/0x100
  really_probe+0x110/0x304
  __driver_probe_device+0xb8/0x120
  driver_probe_device+0x4c/0xfc
  __device_attach_driver+0xb0/0x128
  bus_for_each_drv+0x90/0xdc
  __device_attach+0xc8/0x174
  device_initial_probe+0x20/0x2c
  bus_probe_device+0x40/0xa4
  deferred_probe_work_func+0x7c/0xb8
  process_one_work+0x128/0x21c
  process_scheduled_works+0x40/0x54
  worker_thread+0x1ec/0x2a8
  kthread+0x138/0x158
  ret_from_fork+0x10/0x20

Fix it by making sure there are any bits to mask out.

openEuler评分:(评分和向量)
5.5
CVSS: 3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS:受影响
4.openEuler-22.03-LTS-SP1:受影响
5.openEuler-22.03-LTS-SP2:受影响
6.openEuler-22.03-LTS-SP3:受影响
7.openEuler-22.03-LTS-SP4:不受影响8.master(6.1.0):不受影响
9.openEuler-22.03-LTS-Next:不受影响
10.openEuler-24.03-LTS:不受影响
11.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next:否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否
11.openEuler-22.03-LTS-SP4:否

@ 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 需分析 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|In the Linux kernel, the following vulnerability has been resolved:nvmem: Fix shift-out-of-bound (UBSAN) with byte size cellsIf a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and wesubtract one from that making a large number that is then shifted more than thenumber of bits that fit into an unsigned long.UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: events_unbound deferred_probe_work_func Call trace:  dump_backtrace+0x0/0x170  show_stack+0x24/0x30  dump_stack_lvl+0x64/0x7c  dump_stack+0x18/0x38  ubsan_epilogue+0x10/0x54  __ubsan_handle_shift_out_of_bounds+0x180/0x194  __nvmem_cell_read+0x1ec/0x21c  nvmem_cell_read+0x58/0x94  nvmem_cell_read_variable_common+0x4c/0xb0  nvmem_cell_read_variable_le_u32+0x40/0x100  a6xx_gpu_init+0x170/0x2f4  adreno_bind+0x174/0x284  component_bind_all+0xf0/0x264  msm_drm_bind+0x1d8/0x7a0  try_to_bring_up_master+0x164/0x1ac  __component_add+0xbc/0x13c  component_add+0x20/0x2c  dp_display_probe+0x340/0x384  platform_probe+0xc0/0x100  really_probe+0x110/0x304  __driver_probe_device+0xb8/0x120  driver_probe_device+0x4c/0xfc  __device_attach_driver+0xb0/0x128  bus_for_each_drv+0x90/0xdc  __device_attach+0xc8/0x174  device_initial_probe+0x20/0x2c  bus_probe_device+0x40/0xa4  deferred_probe_work_func+0x7c/0xb8  process_one_work+0x128/0x21c  process_scheduled_works+0x40/0x54  worker_thread+0x1ec/0x2a8  kthread+0x138/0x158  ret_from_fork+0x10/0x20Fix it by making sure there are any bits to mask out.|
|已分析|2.openEulerScore|5.5|
|已分析|3.openEulerVector|AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP1:受影响,openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS:受影响,openEuler-22.03-LTS-SP1:受影响,openEuler-22.03-LTS-SP2:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS-SP4:不受影响,master:不受影响,openEuler-22.03-LTS-Next:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.修复是否涉及abi变化|openEuler-20.03-LTS-SP1:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS:否,openEuler-22.03-LTS-SP1:否,openEuler-22.03-LTS-SP2:否,openEuler-22.03-LTS-SP3:否,master:否,openEuler-22.03-LTS-Next:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-22.03-LTS-SP4:否|

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

CVE-2021-47497

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic

*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);

will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we
subtract one from that making a large number that is then shifted more than the
number of bits that fit into an unsigned long.

UBSAN reports this problem:

UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8
 shift exponent 64 is too large for 64-bit type 'unsigned long'
 CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9
 Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
 Workqueue: events_unbound deferred_probe_work_func
 Call trace:
  dump_backtrace+0x0/0x170
  show_stack+0x24/0x30
  dump_stack_lvl+0x64/0x7c
  dump_stack+0x18/0x38
  ubsan_epilogue+0x10/0x54
  __ubsan_handle_shift_out_of_bounds+0x180/0x194
  __nvmem_cell_read+0x1ec/0x21c
  nvmem_cell_read+0x58/0x94
  nvmem_cell_read_variable_common+0x4c/0xb0
  nvmem_cell_read_variable_le_u32+0x40/0x100
  a6xx_gpu_init+0x170/0x2f4
  adreno_bind+0x174/0x284
  component_bind_all+0xf0/0x264
  msm_drm_bind+0x1d8/0x7a0
  try_to_bring_up_master+0x164/0x1ac
  __component_add+0xbc/0x13c
  component_add+0x20/0x2c
  dp_display_probe+0x340/0x384
  platform_probe+0xc0/0x100
  really_probe+0x110/0x304
  __driver_probe_device+0xb8/0x120
  driver_probe_device+0x4c/0xfc
  __device_attach_driver+0xb0/0x128
  bus_for_each_drv+0x90/0xdc
  __device_attach+0xc8/0x174
  device_initial_probe+0x20/0x2c
  bus_probe_device+0x40/0xa4
  deferred_probe_work_func+0x7c/0xb8
  process_one_work+0x128/0x21c
  process_scheduled_works+0x40/0x54
  worker_thread+0x1ec/0x2a8
  kthread+0x138/0x158
  ret_from_fork+0x10/0x20

Fix it by making sure there are any bits to mask out.

openEuler评分:(评分和向量)
5.5
CVSS: 3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS:不受影响
4.openEuler-22.03-LTS-SP1:受影响
5.openEuler-22.03-LTS-SP2:不受影响
6.openEuler-22.03-LTS-SP3:受影响
7.openEuler-22.03-LTS-SP4:不受影响8.master(6.1.0):不受影响
9.openEuler-22.03-LTS-Next:不受影响
10.openEuler-24.03-LTS:不受影响
11.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next:否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否
11.openEuler-22.03-LTS-SP4:否

@ 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 需分析 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|In the Linux kernel, the following vulnerability has been resolved:nvmem: Fix shift-out-of-bound (UBSAN) with byte size cellsIf a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and wesubtract one from that making a large number that is then shifted more than thenumber of bits that fit into an unsigned long.UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: events_unbound deferred_probe_work_func Call trace:  dump_backtrace+0x0/0x170  show_stack+0x24/0x30  dump_stack_lvl+0x64/0x7c  dump_stack+0x18/0x38  ubsan_epilogue+0x10/0x54  __ubsan_handle_shift_out_of_bounds+0x180/0x194  __nvmem_cell_read+0x1ec/0x21c  nvmem_cell_read+0x58/0x94  nvmem_cell_read_variable_common+0x4c/0xb0  nvmem_cell_read_variable_le_u32+0x40/0x100  a6xx_gpu_init+0x170/0x2f4  adreno_bind+0x174/0x284  component_bind_all+0xf0/0x264  msm_drm_bind+0x1d8/0x7a0  try_to_bring_up_master+0x164/0x1ac  __component_add+0xbc/0x13c  component_add+0x20/0x2c  dp_display_probe+0x340/0x384  platform_probe+0xc0/0x100  really_probe+0x110/0x304  __driver_probe_device+0xb8/0x120  driver_probe_device+0x4c/0xfc  __device_attach_driver+0xb0/0x128  bus_for_each_drv+0x90/0xdc  __device_attach+0xc8/0x174  device_initial_probe+0x20/0x2c  bus_probe_device+0x40/0xa4  deferred_probe_work_func+0x7c/0xb8  process_one_work+0x128/0x21c  process_scheduled_works+0x40/0x54  worker_thread+0x1ec/0x2a8  kthread+0x138/0x158  ret_from_fork+0x10/0x20Fix it by making sure there are any bits to mask out.|
|已分析|2.openEulerScore|5.5|
|已分析|3.openEulerVector|AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP1:受影响,openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS-SP1:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS:不受影响,openEuler-22.03-LTS-SP2:不受影响,openEuler-22.03-LTS-SP4:不受影响,master:不受影响,openEuler-22.03-LTS-Next:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.修复是否涉及abi变化|openEuler-20.03-LTS-SP1:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS:否,openEuler-22.03-LTS-SP1:否,openEuler-22.03-LTS-SP2:否,openEuler-22.03-LTS-SP3:否,master:否,openEuler-22.03-LTS-Next:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-22.03-LTS-SP4:否|

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

CVE-2021-47497

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic

*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);

will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we
subtract one from that making a large number that is then shifted more than the
number of bits that fit into an unsigned long.

UBSAN reports this problem:

UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8
 shift exponent 64 is too large for 64-bit type 'unsigned long'
 CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9
 Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
 Workqueue: events_unbound deferred_probe_work_func
 Call trace:
  dump_backtrace+0x0/0x170
  show_stack+0x24/0x30
  dump_stack_lvl+0x64/0x7c
  dump_stack+0x18/0x38
  ubsan_epilogue+0x10/0x54
  __ubsan_handle_shift_out_of_bounds+0x180/0x194
  __nvmem_cell_read+0x1ec/0x21c
  nvmem_cell_read+0x58/0x94
  nvmem_cell_read_variable_common+0x4c/0xb0
  nvmem_cell_read_variable_le_u32+0x40/0x100
  a6xx_gpu_init+0x170/0x2f4
  adreno_bind+0x174/0x284
  component_bind_all+0xf0/0x264
  msm_drm_bind+0x1d8/0x7a0
  try_to_bring_up_master+0x164/0x1ac
  __component_add+0xbc/0x13c
  component_add+0x20/0x2c
  dp_display_probe+0x340/0x384
  platform_probe+0xc0/0x100
  really_probe+0x110/0x304
  __driver_probe_device+0xb8/0x120
  driver_probe_device+0x4c/0xfc
  __device_attach_driver+0xb0/0x128
  bus_for_each_drv+0x90/0xdc
  __device_attach+0xc8/0x174
  device_initial_probe+0x20/0x2c
  bus_probe_device+0x40/0xa4
  deferred_probe_work_func+0x7c/0xb8
  process_one_work+0x128/0x21c
  process_scheduled_works+0x40/0x54
  worker_thread+0x1ec/0x2a8
  kthread+0x138/0x158
  ret_from_fork+0x10/0x20

Fix it by making sure there are any bits to mask out.

openEuler评分:(评分和向量)
5.5
CVSS: 3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS:不受影响
4.openEuler-22.03-LTS-SP1:受影响
5.openEuler-22.03-LTS-SP2:不受影响
6.openEuler-22.03-LTS-SP3:受影响
7.openEuler-22.03-LTS-SP4:不受影响8.master(6.1.0):不受影响
9.openEuler-22.03-LTS-Next:不受影响
10.openEuler-24.03-LTS:不受影响
11.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next:否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否
11.openEuler-22.03-LTS-SP4:否

@ 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 需分析 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|In the Linux kernel, the following vulnerability has been resolved:nvmem: Fix shift-out-of-bound (UBSAN) with byte size cellsIf a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and wesubtract one from that making a large number that is then shifted more than thenumber of bits that fit into an unsigned long.UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: events_unbound deferred_probe_work_func Call trace:  dump_backtrace+0x0/0x170  show_stack+0x24/0x30  dump_stack_lvl+0x64/0x7c  dump_stack+0x18/0x38  ubsan_epilogue+0x10/0x54  __ubsan_handle_shift_out_of_bounds+0x180/0x194  __nvmem_cell_read+0x1ec/0x21c  nvmem_cell_read+0x58/0x94  nvmem_cell_read_variable_common+0x4c/0xb0  nvmem_cell_read_variable_le_u32+0x40/0x100  a6xx_gpu_init+0x170/0x2f4  adreno_bind+0x174/0x284  component_bind_all+0xf0/0x264  msm_drm_bind+0x1d8/0x7a0  try_to_bring_up_master+0x164/0x1ac  __component_add+0xbc/0x13c  component_add+0x20/0x2c  dp_display_probe+0x340/0x384  platform_probe+0xc0/0x100  really_probe+0x110/0x304  __driver_probe_device+0xb8/0x120  driver_probe_device+0x4c/0xfc  __device_attach_driver+0xb0/0x128  bus_for_each_drv+0x90/0xdc  __device_attach+0xc8/0x174  device_initial_probe+0x20/0x2c  bus_probe_device+0x40/0xa4  deferred_probe_work_func+0x7c/0xb8  process_one_work+0x128/0x21c  process_scheduled_works+0x40/0x54  worker_thread+0x1ec/0x2a8  kthread+0x138/0x158  ret_from_fork+0x10/0x20Fix it by making sure there are any bits to mask out.|
|已分析|2.openEulerScore|5.5|
|已分析|3.openEulerVector|AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP1:受影响,openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS-SP1:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS:不受影响,openEuler-22.03-LTS-SP2:不受影响,openEuler-22.03-LTS-SP4:不受影响,master:不受影响,openEuler-22.03-LTS-Next:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.修复是否涉及abi变化|openEuler-20.03-LTS-SP1:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS:否,openEuler-22.03-LTS-SP1:否,openEuler-22.03-LTS-SP2:否,openEuler-22.03-LTS-SP3:否,master:否,openEuler-22.03-LTS-Next:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-22.03-LTS-SP4:否|

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

CVE-2021-47497

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic

*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);

will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we
subtract one from that making a large number that is then shifted more than the
number of bits that fit into an unsigned long.

UBSAN reports this problem:

UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8
 shift exponent 64 is too large for 64-bit type 'unsigned long'
 CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9
 Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
 Workqueue: events_unbound deferred_probe_work_func
 Call trace:
  dump_backtrace+0x0/0x170
  show_stack+0x24/0x30
  dump_stack_lvl+0x64/0x7c
  dump_stack+0x18/0x38
  ubsan_epilogue+0x10/0x54
  __ubsan_handle_shift_out_of_bounds+0x180/0x194
  __nvmem_cell_read+0x1ec/0x21c
  nvmem_cell_read+0x58/0x94
  nvmem_cell_read_variable_common+0x4c/0xb0
  nvmem_cell_read_variable_le_u32+0x40/0x100
  a6xx_gpu_init+0x170/0x2f4
  adreno_bind+0x174/0x284
  component_bind_all+0xf0/0x264
  msm_drm_bind+0x1d8/0x7a0
  try_to_bring_up_master+0x164/0x1ac
  __component_add+0xbc/0x13c
  component_add+0x20/0x2c
  dp_display_probe+0x340/0x384
  platform_probe+0xc0/0x100
  really_probe+0x110/0x304
  __driver_probe_device+0xb8/0x120
  driver_probe_device+0x4c/0xfc
  __device_attach_driver+0xb0/0x128
  bus_for_each_drv+0x90/0xdc
  __device_attach+0xc8/0x174
  device_initial_probe+0x20/0x2c
  bus_probe_device+0x40/0xa4
  deferred_probe_work_func+0x7c/0xb8
  process_one_work+0x128/0x21c
  process_scheduled_works+0x40/0x54
  worker_thread+0x1ec/0x2a8
  kthread+0x138/0x158
  ret_from_fork+0x10/0x20

Fix it by making sure there are any bits to mask out.

openEuler评分:(评分和向量)
5.5
CVSS: 3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS:不受影响
4.openEuler-22.03-LTS-SP1:受影响
5.openEuler-22.03-LTS-SP2:不受影响
6.openEuler-22.03-LTS-SP3:受影响
7.openEuler-22.03-LTS-SP4:不受影响8.master(6.1.0):不受影响
9.openEuler-22.03-LTS-Next:不受影响
10.openEuler-24.03-LTS:不受影响
11.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next:否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否
11.openEuler-22.03-LTS-SP4:否

@ 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 需分析 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|In the Linux kernel, the following vulnerability has been resolved:nvmem: Fix shift-out-of-bound (UBSAN) with byte size cellsIf a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and wesubtract one from that making a large number that is then shifted more than thenumber of bits that fit into an unsigned long.UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: events_unbound deferred_probe_work_func Call trace:  dump_backtrace+0x0/0x170  show_stack+0x24/0x30  dump_stack_lvl+0x64/0x7c  dump_stack+0x18/0x38  ubsan_epilogue+0x10/0x54  __ubsan_handle_shift_out_of_bounds+0x180/0x194  __nvmem_cell_read+0x1ec/0x21c  nvmem_cell_read+0x58/0x94  nvmem_cell_read_variable_common+0x4c/0xb0  nvmem_cell_read_variable_le_u32+0x40/0x100  a6xx_gpu_init+0x170/0x2f4  adreno_bind+0x174/0x284  component_bind_all+0xf0/0x264  msm_drm_bind+0x1d8/0x7a0  try_to_bring_up_master+0x164/0x1ac  __component_add+0xbc/0x13c  component_add+0x20/0x2c  dp_display_probe+0x340/0x384  platform_probe+0xc0/0x100  really_probe+0x110/0x304  __driver_probe_device+0xb8/0x120  driver_probe_device+0x4c/0xfc  __device_attach_driver+0xb0/0x128  bus_for_each_drv+0x90/0xdc  __device_attach+0xc8/0x174  device_initial_probe+0x20/0x2c  bus_probe_device+0x40/0xa4  deferred_probe_work_func+0x7c/0xb8  process_one_work+0x128/0x21c  process_scheduled_works+0x40/0x54  worker_thread+0x1ec/0x2a8  kthread+0x138/0x158  ret_from_fork+0x10/0x20Fix it by making sure there are any bits to mask out.|
|已分析|2.openEulerScore|5.5|
|已分析|3.openEulerVector|AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP1:受影响,openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS-SP1:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS:不受影响,openEuler-22.03-LTS-SP2:不受影响,openEuler-22.03-LTS-SP4:不受影响,master:不受影响,openEuler-22.03-LTS-Next:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.修复是否涉及abi变化|openEuler-20.03-LTS-SP1:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS:否,openEuler-22.03-LTS-SP1:否,openEuler-22.03-LTS-SP2:否,openEuler-22.03-LTS-SP3:否,master:否,openEuler-22.03-LTS-Next:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-22.03-LTS-SP4:否|

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

CVE-2021-47497

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic

*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);

will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we
subtract one from that making a large number that is then shifted more than the
number of bits that fit into an unsigned long.

UBSAN reports this problem:

UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8
 shift exponent 64 is too large for 64-bit type 'unsigned long'
 CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9
 Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
 Workqueue: events_unbound deferred_probe_work_func
 Call trace:
  dump_backtrace+0x0/0x170
  show_stack+0x24/0x30
  dump_stack_lvl+0x64/0x7c
  dump_stack+0x18/0x38
  ubsan_epilogue+0x10/0x54
  __ubsan_handle_shift_out_of_bounds+0x180/0x194
  __nvmem_cell_read+0x1ec/0x21c
  nvmem_cell_read+0x58/0x94
  nvmem_cell_read_variable_common+0x4c/0xb0
  nvmem_cell_read_variable_le_u32+0x40/0x100
  a6xx_gpu_init+0x170/0x2f4
  adreno_bind+0x174/0x284
  component_bind_all+0xf0/0x264
  msm_drm_bind+0x1d8/0x7a0
  try_to_bring_up_master+0x164/0x1ac
  __component_add+0xbc/0x13c
  component_add+0x20/0x2c
  dp_display_probe+0x340/0x384
  platform_probe+0xc0/0x100
  really_probe+0x110/0x304
  __driver_probe_device+0xb8/0x120
  driver_probe_device+0x4c/0xfc
  __device_attach_driver+0xb0/0x128
  bus_for_each_drv+0x90/0xdc
  __device_attach+0xc8/0x174
  device_initial_probe+0x20/0x2c
  bus_probe_device+0x40/0xa4
  deferred_probe_work_func+0x7c/0xb8
  process_one_work+0x128/0x21c
  process_scheduled_works+0x40/0x54
  worker_thread+0x1ec/0x2a8
  kthread+0x138/0x158
  ret_from_fork+0x10/0x20

Fix it by making sure there are any bits to mask out.

openEuler评分:(评分和向量)
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP4:受影响
2.openEuler-22.03-LTS-SP1:不受影响
3.openEuler-22.03-LTS-SP3:不受影响
4.openEuler-22.03-LTS-SP4:不受影响
5.master(23.08.5):不受影响
6.openEuler-24.03-LTS:不受影响
7.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4:否
2.openEuler-22.03-LTS-SP1:否
3.openEuler-22.03-LTS-SP3:否
4.master(23.08.5):否
5.openEuler-24.03-LTS:否
6.openEuler-24.03-LTS-Next:否
7.openEuler-22.03-LTS-SP4:否

===========================================================

@sanglipeng 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 分析项目 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|In the Linux kernel, the following vulnerability has been resolved:nvmem: Fix shift-out-of-bound (UBSAN) with byte size cellsIf a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and wesubtract one from that making a large number that is then shifted more than thenumber of bits that fit into an unsigned long.UBSAN reports this problem: UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9 Hardware name: Google Lazor (rev3+) with KB Backlight (DT) Workqueue: events_unbound deferred_probe_work_func Call trace:  dump_backtrace+0x0/0x170  show_stack+0x24/0x30  dump_stack_lvl+0x64/0x7c  dump_stack+0x18/0x38  ubsan_epilogue+0x10/0x54  __ubsan_handle_shift_out_of_bounds+0x180/0x194  __nvmem_cell_read+0x1ec/0x21c  nvmem_cell_read+0x58/0x94  nvmem_cell_read_variable_common+0x4c/0xb0  nvmem_cell_read_variable_le_u32+0x40/0x100  a6xx_gpu_init+0x170/0x2f4  adreno_bind+0x174/0x284  component_bind_all+0xf0/0x264  msm_drm_bind+0x1d8/0x7a0  try_to_bring_up_master+0x164/0x1ac  __component_add+0xbc/0x13c  component_add+0x20/0x2c  dp_display_probe+0x340/0x384  platform_probe+0xc0/0x100  really_probe+0x110/0x304  __driver_probe_device+0xb8/0x120  driver_probe_device+0x4c/0xfc  __device_attach_driver+0xb0/0x128  bus_for_each_drv+0x90/0xdc  __device_attach+0xc8/0x174  device_initial_probe+0x20/0x2c  bus_probe_device+0x40/0xa4  deferred_probe_work_func+0x7c/0xb8  process_one_work+0x128/0x21c  process_scheduled_works+0x40/0x54  worker_thread+0x1ec/0x2a8  kthread+0x138/0x158  ret_from_fork+0x10/0x20Fix it by making sure there are any bits to mask out.|
|已分析|2.openEulerScore|4.4|
|已分析|3.openEulerVector|AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS-SP1:不受影响,openEuler-22.03-LTS-SP3:不受影响,openEuler-22.03-LTS-SP4:不受影响,master:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.是否涉及abi变化|openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS-SP1:否,openEuler-22.03-LTS-SP3:否,master:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-22.03-LTS-SP4:否|
|已分析|6.原因说明||

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

src-openEuler/kernel

内容风险标识

评论 (59)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2021-47497

评论 (59)

搜索帮助

src-openEuler/kernel