CVE-2021-47476

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-47476
In the Linux kernel, the following vulnerability has been resolved: comedi: ni_usb6501: fix NULL-deref in command paths The driver uses endpoint-sized USB transfer buffers but had no sanity checks on the sizes. This can lead to zero-size-pointer dereferences or overflowed transfer buffers in ni6501_port_command() and ni6501_counter_command() if a (malicious) device has smaller max-packet sizes than expected (or when doing descriptor fuzz testing). Add the missing sanity checks to probe().

4.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/4a9d43cb5d5f39fa39fc1da438517004cc95f7ea
https://git.kernel.org/stable/c/58478143771b20ab219937b1c30a706590a59224
https://git.kernel.org/stable/c/907767da8f3a925b060c740e0b5c92ea7dbec440
https://git.kernel.org/stable/c/aa39738423503825625853b643b9e99d11c23816
https://git.kernel.org/stable/c/b0156b7c9649d8f55a2ce3d3258509f1b2a181c3
https://git.kernel.org/stable/c/bc51111bf6e8e7b6cc94b133e4c291273a16acd1
https://git.kernel.org/stable/c/d6a727a681a39ae4f73081a9bedb45d14f95bdd1
https://git.kernel.org/stable/c/df7b1238f3b599a0b9284249772cdfd1ea83a632
https://git.kernel.org/stable/c/ef143dc0c3defe56730ecd3a9de7b3e1d7e557c1
Configurations

No configuration.

History

01 Nov 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.6

03 Jul 2024, 01:38

Type Values Removed Values Added
CWE CWE-476
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: comedi: ni_usb6501: corrige NULL-deref en las rutas de comando El controlador usa búferes de transferencia USB del tamaño de un terminal, pero no tuvo controles de cordura en los tamaños. Esto puede provocar desreferencias de puntero de tamaño cero o búferes de transferencia desbordados en ni6501_port_command() y ni6501_counter_command() si un dispositivo (malicioso) tiene tamaños máximos de paquetes más pequeños de lo esperado (o cuando se realizan pruebas de descriptor difuso). Agregue las comprobaciones de cordura que faltan a probe().

22 May 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-22 09:15

Updated : 2024-11-01 15:35

NVD link : CVE-2021-47476

Mitre link : CVE-2021-47476

CVE.ORG link : CVE-2021-47476

JSON object : View

Products Affected

No product.

CWE
CWE-476

NULL Pointer Dereference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024