{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47120", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-04T18:12:48.838Z", "datePublished": "2024-03-15T20:14:26.578Z", "dateUpdated": "2024-12-19T07:35:36.203Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:35:36.203Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: magicmouse: fix NULL-deref on disconnect\n\nCommit 9d7b18668956 (\"HID: magicmouse: add support for Apple Magic\nTrackpad 2\") added a sanity check for an Apple trackpad but returned\nsuccess instead of -ENODEV when the check failed. This means that the\nremove callback will dereference the never-initialised driver data\npointer when the driver is later unbound (e.g. on USB disconnect)."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-magicmouse.c"], "versions": [{"version": "9d7b18668956c411a422d04c712994c5fdb23a4b", "lessThan": "368c5d45a87e1bcc7f1e98e0c255c37b7b12c5d6", "status": "affected", "versionType": "git"}, {"version": "9d7b18668956c411a422d04c712994c5fdb23a4b", "lessThan": "b5d013c4c76b276890135b5d32803c4c63924b77", "status": "affected", "versionType": "git"}, {"version": "9d7b18668956c411a422d04c712994c5fdb23a4b", "lessThan": "9cf27473f21913a3eaf4702dd2a25415afd5f33f", "status": "affected", "versionType": "git"}, {"version": "9d7b18668956c411a422d04c712994c5fdb23a4b", "lessThan": "4b4f6cecca446abcb686c6e6c451d4f1ec1a7497", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-magicmouse.c"], "versions": [{"version": "4.20", "status": "affected"}, {"version": "0", "lessThan": "4.20", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.125", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.43", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.10", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/368c5d45a87e1bcc7f1e98e0c255c37b7b12c5d6"}, {"url": "https://git.kernel.org/stable/c/b5d013c4c76b276890135b5d32803c4c63924b77"}, {"url": "https://git.kernel.org/stable/c/9cf27473f21913a3eaf4702dd2a25415afd5f33f"}, {"url": "https://git.kernel.org/stable/c/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497"}], "title": "HID: magicmouse: fix NULL-deref on disconnect", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47120", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-19T15:24:16.763009Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:13:25.270Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.876Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/368c5d45a87e1bcc7f1e98e0c255c37b7b12c5d6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b5d013c4c76b276890135b5d32803c4c63924b77", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9cf27473f21913a3eaf4702dd2a25415afd5f33f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/368c5d45a87e1bcc7f1e98e0c255c37b7b12c5d6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b5d013c4c76b276890135b5d32803c4c63924b77", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9cf27473f21913a3eaf4702dd2a25415afd5f33f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.876Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47120", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-19T15:24:16.763009Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:18.765Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "HID: magicmouse: fix NULL-deref on disconnect", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9d7b18668956c411a422d04c712994c5fdb23a4b", "lessThan": "368c5d45a87e1bcc7f1e98e0c255c37b7b12c5d6", "versionType": "git"}, {"status": "affected", "version": "9d7b18668956c411a422d04c712994c5fdb23a4b", "lessThan": "b5d013c4c76b276890135b5d32803c4c63924b77", "versionType": "git"}, {"status": "affected", "version": "9d7b18668956c411a422d04c712994c5fdb23a4b", "lessThan": "9cf27473f21913a3eaf4702dd2a25415afd5f33f", "versionType": "git"}, {"status": "affected", "version": "9d7b18668956c411a422d04c712994c5fdb23a4b", "lessThan": "4b4f6cecca446abcb686c6e6c451d4f1ec1a7497", "versionType": "git"}], "programFiles": ["drivers/hid/hid-magicmouse.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.20"}, {"status": "unaffected", "version": "0", "lessThan": "4.20", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.125", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.43", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.10", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/hid/hid-magicmouse.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/368c5d45a87e1bcc7f1e98e0c255c37b7b12c5d6"}, {"url": "https://git.kernel.org/stable/c/b5d013c4c76b276890135b5d32803c4c63924b77"}, {"url": "https://git.kernel.org/stable/c/9cf27473f21913a3eaf4702dd2a25415afd5f33f"}, {"url": "https://git.kernel.org/stable/c/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: magicmouse: fix NULL-deref on disconnect\n\nCommit 9d7b18668956 (\"HID: magicmouse: add support for Apple Magic\nTrackpad 2\") added a sanity check for an Apple trackpad but returned\nsuccess instead of -ENODEV when the check failed. This means that the\nremove callback will dereference the never-initialised driver data\npointer when the driver is later unbound (e.g. on USB disconnect)."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:35:36.203Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47120", "state": "PUBLISHED", "dateUpdated": "2024-12-19T07:35:36.203Z", "dateReserved": "2024-03-04T18:12:48.838Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-15T20:14:26.578Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "552FBD6A-793D-4EE1-9D44-69978256AA46", "versionEndExcluding": "5.4.125", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2136BD5-4F86-40C8-96C8-5C90A015490C", "versionEndExcluding": "5.10.43", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "27384800-AB48-4C08-891E-34B66F5FC4AA", "versionEndExcluding": "5.12.10", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: magicmouse: fix NULL-deref on disconnect\n\nCommit 9d7b18668956 (\"HID: magicmouse: add support for Apple Magic\nTrackpad 2\") added a sanity check for an Apple trackpad but returned\nsuccess instead of -ENODEV when the check failed. This means that the\nremove callback will dereference the never-initialised driver data\npointer when the driver is later unbound (e.g. on USB disconnect)."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: HID: magicmouse: corrige NULL-deref al desconectarse. el commit 9d7b18668956 (\"HID: magicmouse: agrega soporte para Apple Magic Trackpad 2\") agreg\u00f3 una verificaci\u00f3n de cordura para un trackpad de Apple pero devolvi\u00f3 el \u00e9xito. en lugar de -ENODEV cuando fall\u00f3 la verificaci\u00f3n. Esto significa que la devoluci\u00f3n de llamada de eliminaci\u00f3n eliminar\u00e1 la referencia al puntero de datos del controlador nunca inicializado cuando el controlador se desvincule posteriormente (por ejemplo, al desconectarse el USB)."}], "id": "CVE-2021-47120", "lastModified": "2025-01-07T18:00:30.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-15T21:15:07.060", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/368c5d45a87e1bcc7f1e98e0c255c37b7b12c5d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9cf27473f21913a3eaf4702dd2a25415afd5f33f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b5d013c4c76b276890135b5d32803c4c63924b77"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/368c5d45a87e1bcc7f1e98e0c255c37b7b12c5d6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9cf27473f21913a3eaf4702dd2a25415afd5f33f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b5d013c4c76b276890135b5d32803c4c63924b77"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: HID: magicmouse: fix NULL-deref on disconnect", "id": "2269850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269850"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nHID: magicmouse: fix NULL-deref on disconnect\nCommit 9d7b18668956 (\"HID: magicmouse: add support for Apple Magic\nTrackpad 2\") added a sanity check for an Apple trackpad but returned\nsuccess instead of -ENODEV when the check failed. This means that the\nremove callback will dereference the never-initialised driver data\npointer when the driver is later unbound (e.g. on USB disconnect)."], "name": "CVE-2021-47120", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47120\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47120\nhttps://lore.kernel.org/linux-cve-announce/2024031510-CVE-2021-47120-c3db@gregkh/T/#u"], "threat_severity": "Low", "upstream_fix": "kernel 5.4.125, kernel 5.10.43, kernel 5.12.10, kernel 5.13"}