CVE-2021-47475

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the comedi driver in the Linux kernel, specifically the vmk80xx component. It involves a problem with transfer-buffer overflows due to the lack of sanity checks on buffer sizes. The driver uses endpoint-sized USB transfer buffers, and a commit inadvertently fixed NULL-pointer dereferences when accessing transfer buffers in case a malicious device has a zero wMaxPacketSize. To avoid writing beyond buffers, it is recommended to allocate buffers large enough to handle other accesses done without size checks. The original driver was for a low-speed device with 8-byte buffers, and support was later added for a device using bulk transfers, presumably a full-speed device with a maximum 64-byte wMaxPacketSize.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.