CVE-2021-47474

comedi: vmk80xx: fix bulk-buffer overflow

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

comedi: vmk80xx: fix bulk-buffer overflow

The driver is using endpoint-sized buffers but must not assume that the
tx and rx buffers are of equal size or a malicious device could overflow
the slab-allocated receive buffer when doing bulk transfers.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: comedi: vmk80xx: corrige el desbordamiento masivo del búfer El controlador utiliza búferes del tamaño de un endpoint, pero no debe asumir que los búferes tx y rx son del mismo tamaño o un dispositivo malicioso podría desbordar el búfer de recepción asignado por losa al realizar transferencias masivas.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-22 CVE Reserved
2024-05-22 CVE Published
2024-05-23 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/985cafccbf9b7f862aa1c5ee566801e18b5161fb	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e0e6a63fd97ad95fe05dfd77268a1952551e11a7	2021-11-12
https://git.kernel.org/stable/c/7cfb35db607760698d299fd1cf7402dfa8f09973	2021-11-12
https://git.kernel.org/stable/c/0866dcaa828c21bc2f94dac00e086078f11b5772	2021-11-12
https://git.kernel.org/stable/c/063f576c43d589a4c153554b681d32b3f8317c7b	2021-11-12
https://git.kernel.org/stable/c/1ae4715121a57bc6fa29fd992127b01907f2f993	2021-11-12
https://git.kernel.org/stable/c/b7fd7f3387f070215e6be341e68eb5c087eeecc0	2021-11-12
https://git.kernel.org/stable/c/7b0e356189327287d0eb98ec081bd6dd97068cd3	2021-11-12
https://git.kernel.org/stable/c/47b4636ebdbeba2044b3db937c4d2b6a4fe3d0f2	2021-11-12
https://git.kernel.org/stable/c/78cdfd62bd54af615fba9e3ca1ba35de39d3871d	2021-10-26

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.31 < 4.4.292 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.31 < 4.4.292"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.31 < 4.9.290 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.31 < 4.9.290"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.31 < 4.14.255 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.31 < 4.14.255"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.31 < 4.19.217 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.31 < 4.19.217"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.31 < 5.4.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.31 < 5.4.159"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.31 < 5.10.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.31 < 5.10.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.31 < 5.14.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.31 < 5.14.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.31 < 5.15.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.31 < 5.15.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.31 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.31 < 5.16"		en		Affected