CVE-2021-47405

MEDIUM

Linux Kernel < 4.4.286 - Use-After-Free in HID usbhid raw_report Buffer Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: free raw_report buffers in usbhid_stop Free the unsent raw_report buffers when the device is removed. Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47

References (8)

Core 8

Core References

Patch

https://git.kernel.org/stable/c/7ce4e49146612261265671b1d30d117139021030

Patch

https://git.kernel.org/stable/c/efc5c8d29256955cc90d8d570849b2d6121ed09f

Patch

https://git.kernel.org/stable/c/c3156fea4d8a0e643625dff69a0421e872d1fdae

Patch

https://git.kernel.org/stable/c/764ac04de056801dfe52a716da63f6e7018e7f3b

Patch

https://git.kernel.org/stable/c/965147067fa1bedff3ae1f07ce3f89f1a14d2df3

Patch

https://git.kernel.org/stable/c/f7ac4d24e1610b92689946fa88177673f1e88a3f

Patch

https://git.kernel.org/stable/c/2b704864c92dcec2b295f276fcfbfb81d9831f81

Patch

https://git.kernel.org/stable/c/f7744fa16b96da57187dc8e5634152d3b63d72de

Scores

CVSS v3 5.5

EPSS 0.0025

EPSS Percentile 16.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (19)

Linux/Linux < 2.6.28

Linux/Linux 2.6.28

Linux/Linux 4.14.249 - 4.14.*

Linux/Linux 4.19.209 - 4.19.*

Linux/Linux 4.4.286 - 4.4.*

Linux/Linux 4.9.285 - 4.9.*

Linux/Linux 5.10.71 - 5.10.*

Linux/Linux 5.14.10 - 5.14.*

Linux/Linux 5.15

Linux/Linux 5.4.151 - 5.4.*

... and 9 more

Published May 21, 2024

Tracked Since Feb 18, 2026