CVE-2021-47120

HID: magicmouse: fix NULL-deref on disconnect

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: fix NULL-deref on disconnect Commit 9d7b18668956 ("HID: magicmouse: add support for Apple Magic
Trackpad 2") added a sanity check for an Apple trackpad but returned
success instead of -ENODEV when the check failed. This means that the
remove callback will dereference the never-initialised driver data
pointer when the driver is later unbound (e.g. on USB disconnect).

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: HID: magicmouse: corrige NULL-deref al desconectarse. el commit 9d7b18668956 ("HID: magicmouse: agrega soporte para Apple Magic Trackpad 2") agregó una verificación de cordura para un trackpad de Apple pero devolvió el éxito. en lugar de -ENODEV cuando falló la verificación. Esto significa que la devolución de llamada de eliminación eliminará la referencia al puntero de datos del controlador nunca inicializado cuando el controlador se desvincule posteriormente (por ejemplo, al desconectarse el USB).

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: fix NULL-deref on disconnect Commit 9d7b18668956 ("HID: magicmouse: add support for Apple Magic Trackpad 2") added a sanity check for an Apple trackpad but returned success instead of -ENODEV when the check failed. This means that the remove callback will dereference the never-initialised driver data pointer when the driver is later unbound (e.g. on USB disconnect).

The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bug fixes.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-04 CVE Reserved
2024-03-15 CVE Published
2025-04-23 EPSS Updated
2025-05-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/9d7b18668956c411a422d04c712994c5fdb23a4b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/368c5d45a87e1bcc7f1e98e0c255c37b7b12c5d6	2021-06-10
https://git.kernel.org/stable/c/b5d013c4c76b276890135b5d32803c4c63924b77	2021-06-10
https://git.kernel.org/stable/c/9cf27473f21913a3eaf4702dd2a25415afd5f33f	2021-06-10
https://git.kernel.org/stable/c/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497	2021-05-27

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.4.125 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.125"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.10.43 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.10.43"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.12.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.12.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.13"		en		Affected