CVE-2021-47474

HIGH

Linux kernel 2.6.31-4.4.291 - Out-of-bounds Write in comedi vmk80xx Driver

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffers are of equal size or a malicious device could overflow the slab-allocated receive buffer when doing bulk transfers.

Scores

CVSS v3 7.8
EPSS 0.0026
EPSS Percentile 17.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (21)
Linux/Linux < 2.6.31
Linux/Linux 2.6.31
Linux/Linux 4.14.255 - 4.14.*
Linux/Linux 4.19.217 - 4.19.*
Linux/Linux 4.4.292 - 4.4.*
Linux/Linux 4.9.290 - 4.9.*
Linux/Linux 5.10.79 - 5.10.*
Linux/Linux 5.14.18 - 5.14.*
Linux/Linux 5.15.2 - 5.15.*
Linux/Linux 5.16
... and 11 more
Published May 22, 2024
Tracked Since Feb 18, 2026