ghsa-c84w-j8mj-57ch
Vulnerability from github
Published
2024-05-22 09:31
Modified
2024-11-01 18:31
Severity ?
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

comedi: ni_usb6501: fix NULL-deref in command paths

The driver uses endpoint-sized USB transfer buffers but had no sanity checks on the sizes. This can lead to zero-size-pointer dereferences or overflowed transfer buffers in ni6501_port_command() and ni6501_counter_command() if a (malicious) device has smaller max-packet sizes than expected (or when doing descriptor fuzz testing).

Add the missing sanity checks to probe().

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2021-47476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T09:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: ni_usb6501: fix NULL-deref in command paths\n\nThe driver uses endpoint-sized USB transfer buffers but had no sanity\nchecks on the sizes. This can lead to zero-size-pointer dereferences or\noverflowed transfer buffers in ni6501_port_command() and\nni6501_counter_command() if a (malicious) device has smaller max-packet\nsizes than expected (or when doing descriptor fuzz testing).\n\nAdd the missing sanity checks to probe().",
  "id": "GHSA-c84w-j8mj-57ch",
  "modified": "2024-11-01T18:31:26Z",
  "published": "2024-05-22T09:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47476"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a9d43cb5d5f39fa39fc1da438517004cc95f7ea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58478143771b20ab219937b1c30a706590a59224"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/907767da8f3a925b060c740e0b5c92ea7dbec440"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aa39738423503825625853b643b9e99d11c23816"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0156b7c9649d8f55a2ce3d3258509f1b2a181c3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc51111bf6e8e7b6cc94b133e4c291273a16acd1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6a727a681a39ae4f73081a9bedb45d14f95bdd1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df7b1238f3b599a0b9284249772cdfd1ea83a632"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef143dc0c3defe56730ecd3a9de7b3e1d7e557c1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.