{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47362", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:58:30.809Z", "datePublished": "2024-05-21T15:03:30.532Z", "dateUpdated": "2024-12-19T07:40:28.317Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:40:28.317Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Update intermediate power state for SI\n\nUpdate the current state as boot state during dpm initialization.\nDuring the subsequent initialization, set_power_state gets called to\ntransition to the final power state. set_power_state refers to values\nfrom the current state and without current state populated, it could\nresult in NULL pointer dereference.\n\nFor ex: on platforms where PCI speed change is supported through ACPI\nATCS method, the link speed of current state needs to be queried before\ndeciding on changing to final power state's link speed. The logic to query\nATCS-support was broken on certain platforms. The issue became visible\nwhen broken ATCS-support logic got fixed with commit\nf9b7f3703ff9 (\"drm/amdgpu/acpi: make ATPX/ATCS structures global (v2)\").\n\nBug: https://gitlab.freedesktop.org/drm/amd/-/issues/1698"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/pm/powerplay/si_dpm.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "06a18e64256f7aecb5a27df02faa3568fcd3c105", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faa", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/pm/powerplay/si_dpm.c"], "versions": [{"version": "5.10.70", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14.9", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68"}, {"url": "https://git.kernel.org/stable/c/06a18e64256f7aecb5a27df02faa3568fcd3c105"}, {"url": "https://git.kernel.org/stable/c/ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faa"}], "title": "drm/amd/pm: Update intermediate power state for SI", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.596Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06a18e64256f7aecb5a27df02faa3568fcd3c105", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faa", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47362", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:38:32.849264Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:47.464Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06a18e64256f7aecb5a27df02faa3568fcd3c105", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faa", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.596Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47362", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:38:32.849264Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:18.731Z"}}], "cna": {"title": "drm/amd/pm: Update intermediate power state for SI", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "06a18e64256f7aecb5a27df02faa3568fcd3c105", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faa", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/amd/pm/powerplay/si_dpm.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.10.70", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.14.9", "versionType": "semver", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/amd/pm/powerplay/si_dpm.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68"}, {"url": "https://git.kernel.org/stable/c/06a18e64256f7aecb5a27df02faa3568fcd3c105"}, {"url": "https://git.kernel.org/stable/c/ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faa"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Update intermediate power state for SI\n\nUpdate the current state as boot state during dpm initialization.\nDuring the subsequent initialization, set_power_state gets called to\ntransition to the final power state. set_power_state refers to values\nfrom the current state and without current state populated, it could\nresult in NULL pointer dereference.\n\nFor ex: on platforms where PCI speed change is supported through ACPI\nATCS method, the link speed of current state needs to be queried before\ndeciding on changing to final power state's link speed. The logic to query\nATCS-support was broken on certain platforms. The issue became visible\nwhen broken ATCS-support logic got fixed with commit\nf9b7f3703ff9 (\"drm/amdgpu/acpi: make ATPX/ATCS structures global (v2)\").\n\nBug: https://gitlab.freedesktop.org/drm/amd/-/issues/1698"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:40:28.317Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47362", "state": "PUBLISHED", "dateUpdated": "2024-12-19T07:40:28.317Z", "dateReserved": "2024-05-21T14:58:30.809Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:03:30.532Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ECC9806-1A88-441B-9504-CD4A53C66847", "versionEndExcluding": "5.10.70", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B31D6C1-A751-438D-906B-0C56B789D498", "versionEndExcluding": "5.14.9", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Update intermediate power state for SI\n\nUpdate the current state as boot state during dpm initialization.\nDuring the subsequent initialization, set_power_state gets called to\ntransition to the final power state. set_power_state refers to values\nfrom the current state and without current state populated, it could\nresult in NULL pointer dereference.\n\nFor ex: on platforms where PCI speed change is supported through ACPI\nATCS method, the link speed of current state needs to be queried before\ndeciding on changing to final power state's link speed. The logic to query\nATCS-support was broken on certain platforms. The issue became visible\nwhen broken ATCS-support logic got fixed with commit\nf9b7f3703ff9 (\"drm/amdgpu/acpi: make ATPX/ATCS structures global (v2)\").\n\nBug: https://gitlab.freedesktop.org/drm/amd/-/issues/1698"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: Actualizar el estado de energ\u00eda intermedio para SI. Actualiza el estado actual como estado de arranque durante la inicializaci\u00f3n de dpm. Durante la inicializaci\u00f3n posterior, se llama a set_power_state para realizar la transici\u00f3n al estado de energ\u00eda final. set_power_state se refiere a valores del estado actual y sin el estado actual poblado, podr\u00eda resultar en una desreferencia del puntero NULL. Por ejemplo: en plataformas donde se admite el cambio de velocidad PCI a trav\u00e9s del m\u00e9todo ACPI ATCS, se debe consultar la velocidad del enlace del estado actual antes de decidir cambiar a la velocidad del enlace del estado de energ\u00eda final. La l\u00f3gica para consultar el soporte ATCS estaba rota en ciertas plataformas. El problema se hizo visible cuando la l\u00f3gica de soporte ATCS rota se solucion\u00f3 con la confirmaci\u00f3n f9b7f3703ff9 (\"drm/amdgpu/acpi: hacer que las estructuras ATPX/ATCS sean globales (v2)\"). Error: https://gitlab.freedesktop.org/drm/amd/-/issues/1698"}], "id": "CVE-2021-47362", "lastModified": "2024-12-26T18:47:14.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T15:15:22.357", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/06a18e64256f7aecb5a27df02faa3568fcd3c105"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/06a18e64256f7aecb5a27df02faa3568fcd3c105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faa"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/amd/pm: Update intermediate power state for SI", "id": "2282387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282387"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/pm: Update intermediate power state for SI\nUpdate the current state as boot state during dpm initialization.\nDuring the subsequent initialization, set_power_state gets called to\ntransition to the final power state. set_power_state refers to values\nfrom the current state and without current state populated, it could\nresult in NULL pointer dereference.\nFor ex: on platforms where PCI speed change is supported through ACPI\nATCS method, the link speed of current state needs to be queried before\ndeciding on changing to final power state's link speed. The logic to query\nATCS-support was broken on certain platforms. The issue became visible\nwhen broken ATCS-support logic got fixed with commit\nf9b7f3703ff9 (\"drm/amdgpu/acpi: make ATPX/ATCS structures global (v2)\").\nBug: https://gitlab.freedesktop.org/drm/amd/-/issues/1698"], "name": "CVE-2021-47362", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47362\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47362\nhttps://lore.kernel.org/linux-cve-announce/2024052137-CVE-2021-47362-ce0d@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.10.70, kernel 5.14.9, kernel 5.15"}