PT-2021-8186 · Linux+3 · Linux Kernel+3

Johan Hovold · Published 2021-10-30 · Updated 2025-09-24 · CVE-2021-47477

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is related to the allocation of USB transfer buffers on the stack in the Linux kernel's comedi: dt9812 component. These buffers are typically mapped for DMA and must not be allocated on the stack, or transfers will fail. On systems where DMA is not used, the result is a stack info leak that could let an attacker access confidential information, because 32 bytes are always sent to the device regardless of the command length. The issue also concerns the functions dt9812_read_info(), dt9812_read_multiple_registers(), dt9812_write_multiple_registers(), and dt9812_rmw_multiple_registers() in drivers/staging/comedi/drivers/dt9812.c.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
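
The pattern in the description, as an added userspace C model (not code from the kernel or from this advisory): a fixed 32-byte transfer built in a reused frame sends stale bytes after a short command, while a dedicated zeroed heap buffer does not. The helper names, the 4-byte command and the 0xAA filler are constructed for illustration; `calloc` stands in for a zeroing kernel allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define XFER_LEN 32 /* per the description: 32 bytes are always sent */

/* Stand-in for the USB write: always puts XFER_LEN bytes "on the wire". */
static void fake_usb_send(const uint8_t *buf, uint8_t *wire)
{
    memcpy(wire, buf, XFER_LEN);
}

/* Flawed pattern: a reused frame is only partly overwritten by the command. */
static void send_flawed(uint8_t *frame, const uint8_t *cmd, size_t len, uint8_t *wire)
{
    memcpy(frame, cmd, len);      /* bytes len..31 keep their old contents */
    fake_usb_send(frame, wire);
}

/* Hardened pattern: dedicated zeroed heap buffer, which is also DMA-mappable. */
static int send_hardened(const uint8_t *cmd, size_t len, uint8_t *wire)
{
    uint8_t *buf;
    if (len > XFER_LEN) return -1;
    buf = calloc(1, XFER_LEN);    /* stands in for a zeroing kernel allocation */
    if (!buf) return -1;
    memcpy(buf, cmd, len);
    fake_usb_send(buf, wire);
    free(buf);
    return 0;
}

/* Count transmitted bytes past the command that are not zero. */
static size_t residue(const uint8_t *wire, size_t len)
{
    size_t n = 0;
    for (size_t i = len; i < XFER_LEN; i++) n += (wire[i] != 0);
    return n;
}

/* Runs one pattern on a constructed 4-byte command; returns leaked byte count. */
size_t demo(int hardened)
{
    uint8_t frame[XFER_LEN], wire[XFER_LEN];
    const uint8_t cmd[4] = {0x01, 0x02, 0x03, 0x04};
    memset(frame, 0xAA, sizeof(frame)); /* constructed stale stack contents */
    if (!hardened) send_flawed(frame, cmd, sizeof(cmd), wire);
    else if (send_hardened(cmd, sizeof(cmd), wire) != 0) return XFER_LEN;
    return residue(wire, sizeof(cmd));
}

int main(void) { printf("flawed=%zu hardened=%zu\n", demo(0), demo(1)); return 0; }
```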

Exploit

Information Disclosure

Memory Corruption


Weakness Enumeration

Related Identifiers

BDU:2024-10498
CVE-2021-47477
OESA-2024-1692
OPENSUSE-SU-2024_2189-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse