7.8

CVE-2021-47475

EPSS 0.02%
Published 22.05.2024 09:15:09
Last modified 24.09.2025 18:58:58
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

comedi: vmk80xx: fix transfer-buffer overflows

The driver uses endpoint-sized USB transfer buffers but up until
recently had no sanity checks on the sizes.

Commit e1f13c879a7c ("staging: comedi: check validity of wMaxPacketSize
of usb endpoints found") inadvertently fixed NULL-pointer dereferences
when accessing the transfer buffers in case a malicious device has a
zero wMaxPacketSize.

Make sure to allocate buffers large enough to handle also the other
accesses that are done without a size check (e.g. byte 18 in
vmk80xx_cnt_insn_read() for the VMK8061_MODEL) to avoid writing beyond
the buffers, for example, when doing descriptor fuzzing.

The original driver was for a low-speed device with 8-byte buffers.
Support was later added for a device that uses bulk transfers and is
presumably a full-speed device with a maximum 64-byte wMaxPacketSize.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.31 < 4.4.292

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.290

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.255

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.217

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.159

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.79

Linux ≫ Linux Kernel Version >= 5.11 < 5.14.18

Linux ≫ Linux Kernel Version >= 5.15 < 5.15.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.028

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50

Patch

https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9

Patch

https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47

Patch

https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00

Patch

https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7

Patch

https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f

Patch

https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088

Patch

https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1

Patch

https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba

Patch

https://nvd.nist.gov/vuln/detail/CVE-2021-47475

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-47475

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-47475

EUVD