PT-2021-8189 · Linux+3 · Linux Kernel+3

Johan Hovold

Published

2021-10-30

Updated

2024-11-25

CVE-2021-47476

CVSS v3.1

4.6

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the comedi driver, specifically the ni usb6501 component, which lacks proper sanity checks on USB transfer buffer sizes. This can lead to zero-size-pointer dereferences or overflowed transfer buffers in ni6501 port command() and ni6501 counter command() if a malicious device has smaller max-packet sizes than expected. The vulnerability can be exploited when doing descriptor fuzz testing.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-20

Related Identifiers

BDU:2024-10517

CVE-2021-47476

OESA-2024-1705

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2021-8189 · Linux+3 · Linux Kernel+3

CVE-2021-47476

Weakness Enumeration

Related Identifiers

Affected Products

References · 1311