PT-2024-11217 · Linux+2 · Linux Kernel+2
Published: 2021-05-21 · Updated: 2025-06-17
CVE-2021-47170
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
When a user submits a bulk transfer through usbfs with an excessively large buffer, the kernel's memory allocator emits a WARNING. This is not a bug in the kernel but rather an invalid request from the user, and the usbfs code handles it correctly. The same issue can theoretically occur with async transfers or the packet descriptor table for isochronous transfers. To prevent the MM subsystem from complaining about these bad allocation requests, the __GFP_NOWARN flag is added to the kmalloc calls for these buffers.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Allocation of Resources Without Limits
RCE
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Suse