CVE-2021-47409

MEDIUM

Linux Kernel < 4.14.250 - NULL Pointer Dereference in dwc2 USB Driver

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.

References (6)

Core 6

Core References

Patch

https://git.kernel.org/stable/c/4b7f4a0eb92bf37bea4cd838c7f83ea42823ca8b

Patch

https://git.kernel.org/stable/c/a7182993dd8e09f96839ddc3ac54f9b37370d282

Patch

https://git.kernel.org/stable/c/8b9c1c33e51d0959f2aec573dfbac0ffd3f5c0b7

Patch

https://git.kernel.org/stable/c/2754fa3b73df7d0ae042f3ed6cfd9df9042f6262

Patch

https://git.kernel.org/stable/c/337f00a0bc62d7cb7d10ec0b872c79009a1641df

Patch

https://git.kernel.org/stable/c/856e6e8e0f9300befa87dde09edb578555c99a82

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 15.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (16)

Linux/Linux < 4.11

Linux/Linux 348becdcc3196addbe882e8a10451744e489e389 - 2754fa3b73df7d0ae042f3ed6cfd9df9042f6262

Linux/Linux 348becdcc3196addbe882e8a10451744e489e389 - 337f00a0bc62d7cb7d10ec0b872c79009a1641df

Linux/Linux 348becdcc3196addbe882e8a10451744e489e389 - 4b7f4a0eb92bf37bea4cd838c7f83ea42823ca8b

Linux/Linux 348becdcc3196addbe882e8a10451744e489e389 - 856e6e8e0f9300befa87dde09edb578555c99a82

Linux/Linux 348becdcc3196addbe882e8a10451744e489e389 - 8b9c1c33e51d0959f2aec573dfbac0ffd3f5c0b7

Linux/Linux 348becdcc3196addbe882e8a10451744e489e389 - a7182993dd8e09f96839ddc3ac54f9b37370d282

Linux/Linux 4.11

Linux/Linux 4.14.250 - 4.14.*

Linux/Linux 4.19.210 - 4.19.*

... and 6 more

Published May 21, 2024

Tracked Since Feb 18, 2026