CVE-2021-47477

2024-05-2209:15:09

Debian Security Bug Tracker

security-tracker.debian.org

cve-2021-47477

comedi

dt9812

fix

dma buffers

stack

unix

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: comedi: dt9812: fix DMA buffers on stack USB transfer buffers are typically mapped for DMA and must not be allocated on the stack or transfers will fail. Allocate proper transfer buffers in the various command helpers and return an error on short transfers instead of acting on random stack data. Note that this also fixes a stack info leak on systems where DMA is not used as 32 bytes are always sent to the device regardless of how short the command is.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 5.15.3-1linux_5.15.3-1_all.deb
Debian11alllinux< 5.10.84-1linux_5.10.84-1_all.deb
Debian10alllinux< 4.19.232-1linux_4.19.232-1_all.deb
Debian999alllinux< 5.15.3-1linux_5.15.3-1_all.deb
Debian13alllinux< 5.15.3-1linux_5.15.3-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 5.15.3-1	linux_5.15.3-1_all.deb
Debian	11	all	linux	< 5.10.84-1	linux_5.10.84-1_all.deb
Debian	10	all	linux	< 4.19.232-1	linux_4.19.232-1_all.deb
Debian	999	all	linux	< 5.15.3-1	linux_5.15.3-1_all.deb
Debian	13	all	linux	< 5.15.3-1	linux_5.15.3-1_all.deb