{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47475","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-22T06:20:56.200Z","datePublished":"2024-05-22T08:19:29.423Z","dateUpdated":"2025-05-04T07:11:43.980Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:11:43.980Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: vmk80xx: fix transfer-buffer overflows\n\nThe driver uses endpoint-sized USB transfer buffers but up until\nrecently had no sanity checks on the sizes.\n\nCommit e1f13c879a7c (\"staging: comedi: check validity of wMaxPacketSize\nof usb endpoints found\") inadvertently fixed NULL-pointer dereferences\nwhen accessing the transfer buffers in case a malicious device has a\nzero wMaxPacketSize.\n\nMake sure to allocate buffers large enough to handle also the other\naccesses that are done without a size check (e.g. byte 18 in\nvmk80xx_cnt_insn_read() for the VMK8061_MODEL) to avoid writing beyond\nthe buffers, for example, when doing descriptor fuzzing.\n\nThe original driver was for a low-speed device with 8-byte buffers.\nSupport was later added for a device that uses bulk transfers and is\npresumably a full-speed device with a maximum 64-byte wMaxPacketSize."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/comedi/drivers/vmk80xx.c"],"versions":[{"version":"985cafccbf9b7f862aa1c5ee566801e18b5161fb","lessThan":"5229159f1d052821007aff1a1beb7873eacf1a9f","status":"affected","versionType":"git"},{"version":"985cafccbf9b7f862aa1c5ee566801e18b5161fb","lessThan":"ec85bcff4ed09260243d8f39faba99e1041718ba","status":"affected","versionType":"git"},{"version":"985cafccbf9b7f862aa1c5ee566801e18b5161fb","lessThan":"40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7","status":"affected","versionType":"git"},{"version":"985cafccbf9b7f862aa1c5ee566801e18b5161fb","lessThan":"7a2021b896de1ad559d33b5c5cdd20b982242088","status":"affected","versionType":"git"},{"version":"985cafccbf9b7f862aa1c5ee566801e18b5161fb","lessThan":"199acd8c110e3ae62833c24f632b0bb1c9f012a9","status":"affected","versionType":"git"},{"version":"985cafccbf9b7f862aa1c5ee566801e18b5161fb","lessThan":"33d7a470730dfe7c9bfc8da84575cf2cedd60d00","status":"affected","versionType":"git"},{"version":"985cafccbf9b7f862aa1c5ee566801e18b5161fb","lessThan":"278484ae93297b1bb1ce755f9d3b6d95a48c7d47","status":"affected","versionType":"git"},{"version":"985cafccbf9b7f862aa1c5ee566801e18b5161fb","lessThan":"06ac746d57e6d32b062e220415c607b7e2e0fa50","status":"affected","versionType":"git"},{"version":"985cafccbf9b7f862aa1c5ee566801e18b5161fb","lessThan":"a23461c47482fc232ffc9b819539d1f837adf2b1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/comedi/drivers/vmk80xx.c"],"versions":[{"version":"2.6.31","status":"affected"},{"version":"0","lessThan":"2.6.31","status":"unaffected","versionType":"semver"},{"version":"4.4.292","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.290","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.255","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.217","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.159","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.79","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.14.18","lessThanOrEqual":"5.14.*","status":"unaffected","versionType":"semver"},{"version":"5.15.2","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"4.4.292"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"4.9.290"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"4.14.255"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"4.19.217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"5.4.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"5.10.79"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"5.14.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"5.15.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"5.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f"},{"url":"https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba"},{"url":"https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7"},{"url":"https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088"},{"url":"https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9"},{"url":"https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00"},{"url":"https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47"},{"url":"https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50"},{"url":"https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1"}],"title":"comedi: vmk80xx: fix transfer-buffer overflows","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47475","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-22T17:52:35.271810Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:13:48.725Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:39:59.742Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1","tags":["x_transferred"]}]}]}}