CVE-2021-47267

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a null pointer dereference in the Linux kernel when a gadget driver calls usb assign descriptors() with a NULL descriptor for super-speed-plus and is then used on a max 10gbps configuration. This can cause the kernel to crash when a 10gbps capable device port + cable + host port combination shows up. The usb assign descriptors() function is called with 5 parameters, including usb descriptor header for full-speed, high-speed, super-speed, and super-speed-plus. The differences between full/high/super-speed descriptors are substantial due to changes in the maximum USB block size and other differences in the specs. However, the difference between 5 and 10Gbps descriptors may be minimal, and in many cases, the same tuning is sufficient. The fix is to use the 5gbps descriptor as the 10gbps descriptor if a 10gbps descriptor is not provided.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.