cve-2021-47476
Vulnerability from cvelistv5
Published
2024-05-22 08:19
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved: comedi: ni_usb6501: fix NULL-deref in command paths The driver uses endpoint-sized USB transfer buffers but had no sanity checks on the sizes. This can lead to zero-size-pointer dereferences or overflowed transfer buffers in ni6501_port_command() and ni6501_counter_command() if a (malicious) device has smaller max-packet sizes than expected (or when doing descriptor fuzz testing). Add the missing sanity checks to probe().
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4a9d43cb5d5f39fa39fc1da438517004cc95f7ea
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/58478143771b20ab219937b1c30a706590a59224
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/907767da8f3a925b060c740e0b5c92ea7dbec440
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/aa39738423503825625853b643b9e99d11c23816
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b0156b7c9649d8f55a2ce3d3258509f1b2a181c3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bc51111bf6e8e7b6cc94b133e4c291273a16acd1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d6a727a681a39ae4f73081a9bedb45d14f95bdd1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/df7b1238f3b599a0b9284249772cdfd1ea83a632
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ef143dc0c3defe56730ecd3a9de7b3e1d7e557c1
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4a9d43cb5d5f39fa39fc1da438517004cc95f7ea
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/58478143771b20ab219937b1c30a706590a59224
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/907767da8f3a925b060c740e0b5c92ea7dbec440
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/aa39738423503825625853b643b9e99d11c23816
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b0156b7c9649d8f55a2ce3d3258509f1b2a181c3
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/bc51111bf6e8e7b6cc94b133e4c291273a16acd1
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d6a727a681a39ae4f73081a9bedb45d14f95bdd1
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/df7b1238f3b599a0b9284249772cdfd1ea83a632
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ef143dc0c3defe56730ecd3a9de7b3e1d7e557c1
Impacted products
Vendor Product Version
Linux Linux Version: 3.18
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47476",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T18:23:48.578876Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T14:38:44.765Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/58478143771b20ab219937b1c30a706590a59224"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa39738423503825625853b643b9e99d11c23816"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/df7b1238f3b599a0b9284249772cdfd1ea83a632"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bc51111bf6e8e7b6cc94b133e4c291273a16acd1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b0156b7c9649d8f55a2ce3d3258509f1b2a181c3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef143dc0c3defe56730ecd3a9de7b3e1d7e557c1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4a9d43cb5d5f39fa39fc1da438517004cc95f7ea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d6a727a681a39ae4f73081a9bedb45d14f95bdd1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/907767da8f3a925b060c740e0b5c92ea7dbec440"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/drivers/ni_usb6501.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "58478143771b20ab219937b1c30a706590a59224",
              "status": "affected",
              "version": "a03bb00e50ab4c07107da58a52a0bff7943f360c",
              "versionType": "git"
            },
            {
              "lessThan": "aa39738423503825625853b643b9e99d11c23816",
              "status": "affected",
              "version": "a03bb00e50ab4c07107da58a52a0bff7943f360c",
              "versionType": "git"
            },
            {
              "lessThan": "df7b1238f3b599a0b9284249772cdfd1ea83a632",
              "status": "affected",
              "version": "a03bb00e50ab4c07107da58a52a0bff7943f360c",
              "versionType": "git"
            },
            {
              "lessThan": "bc51111bf6e8e7b6cc94b133e4c291273a16acd1",
              "status": "affected",
              "version": "a03bb00e50ab4c07107da58a52a0bff7943f360c",
              "versionType": "git"
            },
            {
              "lessThan": "b0156b7c9649d8f55a2ce3d3258509f1b2a181c3",
              "status": "affected",
              "version": "a03bb00e50ab4c07107da58a52a0bff7943f360c",
              "versionType": "git"
            },
            {
              "lessThan": "ef143dc0c3defe56730ecd3a9de7b3e1d7e557c1",
              "status": "affected",
              "version": "a03bb00e50ab4c07107da58a52a0bff7943f360c",
              "versionType": "git"
            },
            {
              "lessThan": "4a9d43cb5d5f39fa39fc1da438517004cc95f7ea",
              "status": "affected",
              "version": "a03bb00e50ab4c07107da58a52a0bff7943f360c",
              "versionType": "git"
            },
            {
              "lessThan": "d6a727a681a39ae4f73081a9bedb45d14f95bdd1",
              "status": "affected",
              "version": "a03bb00e50ab4c07107da58a52a0bff7943f360c",
              "versionType": "git"
            },
            {
              "lessThan": "907767da8f3a925b060c740e0b5c92ea7dbec440",
              "status": "affected",
              "version": "a03bb00e50ab4c07107da58a52a0bff7943f360c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/drivers/ni_usb6501.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.18"
            },
            {
              "lessThan": "3.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.292",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.255",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.14.*",
              "status": "unaffected",
              "version": "5.14.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: ni_usb6501: fix NULL-deref in command paths\n\nThe driver uses endpoint-sized USB transfer buffers but had no sanity\nchecks on the sizes. This can lead to zero-size-pointer dereferences or\noverflowed transfer buffers in ni6501_port_command() and\nni6501_counter_command() if a (malicious) device has smaller max-packet\nsizes than expected (or when doing descriptor fuzz testing).\n\nAdd the missing sanity checks to probe()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T07:43:08.715Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/58478143771b20ab219937b1c30a706590a59224"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa39738423503825625853b643b9e99d11c23816"
        },
        {
          "url": "https://git.kernel.org/stable/c/df7b1238f3b599a0b9284249772cdfd1ea83a632"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc51111bf6e8e7b6cc94b133e4c291273a16acd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0156b7c9649d8f55a2ce3d3258509f1b2a181c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef143dc0c3defe56730ecd3a9de7b3e1d7e557c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a9d43cb5d5f39fa39fc1da438517004cc95f7ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/d6a727a681a39ae4f73081a9bedb45d14f95bdd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/907767da8f3a925b060c740e0b5c92ea7dbec440"
        }
      ],
      "title": "comedi: ni_usb6501: fix NULL-deref in command paths",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47476",
    "datePublished": "2024-05-22T08:19:30.201Z",
    "dateReserved": "2024-05-22T06:20:56.200Z",
    "dateUpdated": "2024-12-19T07:43:08.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47476\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-22T09:15:09.470\",\"lastModified\":\"2024-11-21T06:36:15.453\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncomedi: ni_usb6501: fix NULL-deref in command paths\\n\\nThe driver uses endpoint-sized USB transfer buffers but had no sanity\\nchecks on the sizes. This can lead to zero-size-pointer dereferences or\\noverflowed transfer buffers in ni6501_port_command() and\\nni6501_counter_command() if a (malicious) device has smaller max-packet\\nsizes than expected (or when doing descriptor fuzz testing).\\n\\nAdd the missing sanity checks to probe().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: comedi: ni_usb6501: corrige NULL-deref en las rutas de comando El controlador usa b\u00faferes de transferencia USB del tama\u00f1o de un terminal, pero no tuvo controles de cordura en los tama\u00f1os. Esto puede provocar desreferencias de puntero de tama\u00f1o cero o b\u00faferes de transferencia desbordados en ni6501_port_command() y ni6501_counter_command() si un dispositivo (malicioso) tiene tama\u00f1os m\u00e1ximos de paquetes m\u00e1s peque\u00f1os de lo esperado (o cuando se realizan pruebas de descriptor difuso). Agregue las comprobaciones de cordura que faltan a probe().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/4a9d43cb5d5f39fa39fc1da438517004cc95f7ea\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/58478143771b20ab219937b1c30a706590a59224\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/907767da8f3a925b060c740e0b5c92ea7dbec440\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/aa39738423503825625853b643b9e99d11c23816\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b0156b7c9649d8f55a2ce3d3258509f1b2a181c3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bc51111bf6e8e7b6cc94b133e4c291273a16acd1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d6a727a681a39ae4f73081a9bedb45d14f95bdd1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/df7b1238f3b599a0b9284249772cdfd1ea83a632\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ef143dc0c3defe56730ecd3a9de7b3e1d7e557c1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4a9d43cb5d5f39fa39fc1da438517004cc95f7ea\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/58478143771b20ab219937b1c30a706590a59224\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/907767da8f3a925b060c740e0b5c92ea7dbec440\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/aa39738423503825625853b643b9e99d11c23816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/b0156b7c9649d8f55a2ce3d3258509f1b2a181c3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/bc51111bf6e8e7b6cc94b133e4c291273a16acd1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/d6a727a681a39ae4f73081a9bedb45d14f95bdd1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/df7b1238f3b599a0b9284249772cdfd1ea83a632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/ef143dc0c3defe56730ecd3a9de7b3e1d7e557c1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.