{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2021-47269","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T13:27:52.127Z","datePublished":"2024-05-21T14:19:59.207Z","dateUpdated":"2025-12-18T11:36:23.900Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-12-18T11:36:23.900Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: ep0: fix NULL pointer exception\n\nThere is no validation of the index from dwc3_wIndex_to_dep() and we might\nbe referring a non-existing ep and trigger a NULL pointer exception. In\ncertain configurations we might use fewer eps and the index might wrongly\nindicate a larger ep index than existing.\n\nBy adding this validation from the patch we can actually report a wrong\nindex back to the caller.\n\nIn our usecase we are using a composite device on an older kernel, but\nupstream might use this fix also. Unfortunately, I cannot describe the\nhardware for others to reproduce the issue as it is a proprietary\nimplementation.\n\n[   82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4\n[   82.966891] Mem abort info:\n[   82.969663]   ESR = 0x96000006\n[   82.972703]   Exception class = DABT (current EL), IL = 32 bits\n[   82.978603]   SET = 0, FnV = 0\n[   82.981642]   EA = 0, S1PTW = 0\n[   82.984765] Data abort info:\n[   82.987631]   ISV = 0, ISS = 0x00000006\n[   82.991449]   CM = 0, WnR = 0\n[   82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc\n[   83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000\n[   83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP\n[   83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c)\n[   83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1\n[   83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO)\n[   83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c\n[   83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94\n\n...\n\n[   83.141788] Call trace:\n[   83.144227]  dwc3_ep0_handle_feature+0x414/0x43c\n[   83.148823]  dwc3_ep0_interrupt+0x3b4/0xc94\n[   83.181546] ---[ end trace aac6b5267d84c32f ]---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/dwc3/ep0.c"],"versions":[{"version":"6a1e3ef45fb0c4d79cbb5190c8fc59263c630b0e","lessThan":"96b74a99d360235c24052f1d060e64ac53f43528","status":"affected","versionType":"git"},{"version":"6a1e3ef45fb0c4d79cbb5190c8fc59263c630b0e","lessThan":"60156089f07e724e4dc8483702d5e1ede4522749","status":"affected","versionType":"git"},{"version":"6a1e3ef45fb0c4d79cbb5190c8fc59263c630b0e","lessThan":"990dc90750772622d44ca2ea6652c521e6f67e16","status":"affected","versionType":"git"},{"version":"6a1e3ef45fb0c4d79cbb5190c8fc59263c630b0e","lessThan":"bd551e7c85939de2182010273450bfa78c3742fc","status":"affected","versionType":"git"},{"version":"6a1e3ef45fb0c4d79cbb5190c8fc59263c630b0e","lessThan":"366369b89bedd59b1425386e8d4a18a466e420e4","status":"affected","versionType":"git"},{"version":"6a1e3ef45fb0c4d79cbb5190c8fc59263c630b0e","lessThan":"470403639114895e2697c766fbe17be8d0e9b67a","status":"affected","versionType":"git"},{"version":"6a1e3ef45fb0c4d79cbb5190c8fc59263c630b0e","lessThan":"788755756dd4a6aba1de479fec20b0fa600e7f19","status":"affected","versionType":"git"},{"version":"6a1e3ef45fb0c4d79cbb5190c8fc59263c630b0e","lessThan":"d00889080ab60051627dab1d85831cd9db750e2a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/dwc3/ep0.c"],"versions":[{"version":"3.10","status":"affected"},{"version":"0","lessThan":"3.10","status":"unaffected","versionType":"semver"},{"version":"4.4.273","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.273","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.237","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.195","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.126","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.44","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.12.11","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"4.4.273"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"4.9.273"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"4.14.237"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"4.19.195"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.4.126"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.10.44"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.12.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528"},{"url":"https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749"},{"url":"https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16"},{"url":"https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc"},{"url":"https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4"},{"url":"https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a"},{"url":"https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19"},{"url":"https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a"}],"title":"usb: dwc3: ep0: fix NULL pointer exception","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:32:07.981Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47269","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:39:44.902872Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:11.229Z"}}]}}