CVE-2021-47270

MEDIUM

Linux Kernel 4.6-4.9.273 - Null Pointer Dereference in USB Gadget Config

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadgets null ptr deref on 10gbps cabling. This avoids a null pointer dereference in f_{ecm,eem,hid,loopback,printer,rndis,serial,sourcesink,subset,tcm} by simply reusing the 5gbps config for 10gbps.

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/beb1e67a5ca8d69703c776db9000527f44c0c93c

Patch

https://git.kernel.org/stable/c/8cd5f45c1b769e3e9e0f4325dd08b6c3749dc7ee

Patch

https://git.kernel.org/stable/c/10770d2ac0094b053c8897d96d7b2737cd72f7c5

Patch

https://git.kernel.org/stable/c/b4903f7fdc484628d0b8022daf86e2439d3ab4db

Patch

https://git.kernel.org/stable/c/4b289a0f3033f465b4fd51ba995251a7867a2aa2

Patch

https://git.kernel.org/stable/c/f17aae7c4009160f0630a91842a281773976a5bc

Patch

https://git.kernel.org/stable/c/90c4d05780d47e14a50e11a7f17373104cd47d25

Scores

CVSS v3 5.5

EPSS 0.0023

EPSS Percentile 13.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (18)

Linux/Linux < 4.6

Linux/Linux 4.14.237 - 4.14.*

Linux/Linux 4.19.195 - 4.19.*

Linux/Linux 4.6

Linux/Linux 4.9.273 - 4.9.*

Linux/Linux 5.10.44 - 5.10.*

Linux/Linux 5.12.11 - 5.12.*

Linux/Linux 5.13

Linux/Linux 5.4.126 - 5.4.*

Linux/Linux eaef50c760576bca70b87fdc26eb87a3660529f8 - 10770d2ac0094b053c8897d96d7b2737cd72f7c5

... and 8 more

Published May 21, 2024

Tracked Since Feb 18, 2026