CVE-2021-47495

usbnet: sanity check for maxpacket

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

usbnet: sanity check for maxpacket

maxpacket of 0 makes no sense and oopses as we need to divide
by it. Give up.

V2: fixed typo in log and stylistic issues

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usbnet: verificación de cordura para maxpacket maxpacket de 0 no tiene sentido y falla ya que necesitamos dividirlo por él. Abandonar. V2: error tipográfico corregido en el registro y problemas de estilo

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-22 CVE Reserved
2024-05-22 CVE Published
2024-05-23 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-369: Divide By Zero

CAPEC

References (10)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b9eba0a4a527e04d712f0e0401e5391ef124b33e	2021-11-02
https://git.kernel.org/stable/c/524f333e98138d909a0a0c574a9ff6737dce2767	2021-11-02
https://git.kernel.org/stable/c/74b3b27cf9fecce00cd8918b7882fd81191d0aa4	2021-11-02
https://git.kernel.org/stable/c/002d82227c0abe29118cf80f7e2f396b22d448ed	2021-11-02
https://git.kernel.org/stable/c/492140e45d2bf27c1014243f8616a9b612144e20	2021-11-02
https://git.kernel.org/stable/c/693ecbe8f799405f8775719deedb1f76265d375a	2021-11-02
https://git.kernel.org/stable/c/7e8b6a4f18edee070213cb6a77118e8a412253c5	2021-11-02
https://git.kernel.org/stable/c/397430b50a363d8b7bdda00522123f82df6adc5e	2021-10-21

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-47495	2024-07-08
https://bugzilla.redhat.com/show_bug.cgi?id=2282920	2024-07-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.4.291 Search vendor "Linux" for product "Linux Kernel" and version " < 4.4.291"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.289 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.289"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.254 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.254"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.215 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.215"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.157 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.157"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.77 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.77"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.14.16 Search vendor "Linux" for product "Linux Kernel" and version " < 5.14.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15"		en		Affected