7.8

CVE-2021-47404

HID: betop: fix slab-out-of-bounds Write in betop_probe

In the Linux kernel, the following vulnerability has been resolved:

HID: betop: fix slab-out-of-bounds Write in betop_probe

Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver.
The problem is the driver assumes the device must have an input report but
some malicious devices violate this assumption.

So this patch checks hid_device's input is non empty before it's been used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.4.286
LinuxLinux Kernel Version >= 4.5 < 4.9.285
LinuxLinux Kernel Version >= 4.10 < 4.14.249
LinuxLinux Kernel Version >= 4.15 < 4.19.209
LinuxLinux Kernel Version >= 4.20 < 5.4.151
LinuxLinux Kernel Version >= 5.5 < 5.10.71
LinuxLinux Kernel Version >= 5.11 < 5.14.10
LinuxLinux Kernel Version5.15 Updaterc1
LinuxLinux Kernel Version5.15 Updaterc2
LinuxLinux Kernel Version5.15 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.172
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9
Patch
https://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d1325993
Patch
https://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525
Patch
https://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e
Patch
https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019
Patch
https://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914
Patch
https://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee
Patch
https://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550
Patch