CVE-2021-47474
HIGHLinux kernel 2.6.31-4.4.291 - Out-of-bounds Write in comedi vmk80xx Driver
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffers are of equal size or a malicious device could overflow the slab-allocated receive buffer when doing bulk transfers.
References (9)
Core 9
Core References
Scores
CVSS v3
7.8
EPSS
0.0026
EPSS Percentile
17.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (21)
Linux/Linux
< 2.6.31
Linux/Linux
2.6.31
Linux/Linux
4.14.255 - 4.14.*
Linux/Linux
4.19.217 - 4.19.*
Linux/Linux
4.4.292 - 4.4.*
Linux/Linux
4.9.290 - 4.9.*
Linux/Linux
5.10.79 - 5.10.*
Linux/Linux
5.14.18 - 5.14.*
Linux/Linux
5.15.2 - 5.15.*
Linux/Linux
5.16
... and 11 more
Published
May 22, 2024
Tracked Since
Feb 18, 2026