{"id":"CVE-2021-47286","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: core: Validate channel ID when processing command completions\n\nMHI reads the channel ID from the event ring element sent by the\ndevice which can be any value between 0 and 255. In order to\nprevent any out of bound accesses, add a check against the maximum\nnumber of channels supported by the controller and those channels\nnot configured yet so as to skip processing of that event ring\nelement.","modified":"2026-03-15T22:43:10.093295Z","published":"2024-05-21T15:15:16.723Z","references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/3efec3b4b16fc7af25676a94230a8ab2a3bb867c"},{"type":"FIX","url":"https://git.kernel.org/stable/c/546362a9ef2ef40b57c6605f14e88ced507f8dd0"},{"type":"FIX","url":"https://git.kernel.org/stable/c/aed4f5b51aba41e2afd7cfda20a0571a6a67dfe9"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.7"},{"fixed":"5.10.54"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.13.6"}]},{"events":[{"introduced":"0"},{"last_affected":"5.14-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.14-rc2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47286.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}