CVE-2021-47476

2024-05-2200:00:00

ubuntu.com

linux kernel

comedi

ni_usb6501

usb transfer buffers

null-deref

command paths

sanity checks

probe

vulnerability

AI Score

6.7

Confidence

High

EPSS

Percentile

13.0%

JSON

In the Linux kernel, the following vulnerability has been resolved: comedi:
ni_usb6501: fix NULL-deref in command paths The driver uses endpoint-sized
USB transfer buffers but had no sanity checks on the sizes. This can lead
to zero-size-pointer dereferences or overflowed transfer buffers in
ni6501_port_command() and ni6501_counter_command() if a (malicious) device
has smaller max-packet sizes than expected (or when doing descriptor fuzz
testing). Add the missing sanity checks to probe().

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu18.04noarchlinux-aws-5.4< anyUNKNOWN
ubuntu16.04noarchlinux-aws-hwe< anyUNKNOWN
ubuntu20.04noarchlinux-azure< anyUNKNOWN
ubuntu14.04noarchlinux-azure< anyUNKNOWN
ubuntu16.04noarchlinux-azure< anyUNKNOWN
ubuntu18.04noarchlinux-azure-4.15< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< any	UNKNOWN
ubuntu	16.04	noarch	linux-aws-hwe	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	14.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	16.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	18.04	noarch	linux-azure-4.15	< any	UNKNOWN