CVE-2021-47269 - OpenCVE

Link	Providers
https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4
https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a
https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749
https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19
https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528
https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16
https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc
https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a
https://lore.kernel.org/linux-cve-announce/2024052150-CVE-2021-47269-c83f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47269
https://www.cve.org/CVERecord?id=CVE-2021-47269

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47269", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T13:27:52.127Z", "datePublished": "2024-05-21T14:19:59.207Z", "dateUpdated": "2024-09-11T17:33:11.229Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:05:00.544Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: ep0: fix NULL pointer exception\n\nThere is no validation of the index from dwc3_wIndex_to_dep() and we might\nbe referring a non-existing ep and trigger a NULL pointer exception. In\ncertain configurations we might use fewer eps and the index might wrongly\nindicate a larger ep index than existing.\n\nBy adding this validation from the patch we can actually report a wrong\nindex back to the caller.\n\nIn our usecase we are using a composite device on an older kernel, but\nupstream might use this fix also. Unfortunately, I cannot describe the\nhardware for others to reproduce the issue as it is a proprietary\nimplementation.\n\n[ 82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4\n[ 82.966891] Mem abort info:\n[ 82.969663] ESR = 0x96000006\n[ 82.972703] Exception class = DABT (current EL), IL = 32 bits\n[ 82.978603] SET = 0, FnV = 0\n[ 82.981642] EA = 0, S1PTW = 0\n[ 82.984765] Data abort info:\n[ 82.987631] ISV = 0, ISS = 0x00000006\n[ 82.991449] CM = 0, WnR = 0\n[ 82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc\n[ 83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000\n[ 83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP\n[ 83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c)\n[ 83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1\n[ 83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO)\n[ 83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c\n[ 83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94\n\n...\n\n[ 83.141788] Call trace:\n[ 83.144227] dwc3_ep0_handle_feature+0x414/0x43c\n[ 83.148823] dwc3_ep0_interrupt+0x3b4/0xc94\n[ 83.181546] ---[ end trace aac6b5267d84c32f ]---"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/dwc3/ep0.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "96b74a99d360", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "60156089f07e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "990dc9075077", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "bd551e7c8593", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "366369b89bed", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "470403639114", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "788755756dd4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "d00889080ab6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/dwc3/ep0.c"], "versions": [{"version": "4.4.273", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.9.273", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.14.237", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.195", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.126", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.44", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12.11", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528"}, {"url": "https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749"}, {"url": "https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16"}, {"url": "https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc"}, {"url": "https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4"}, {"url": "https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a"}, {"url": "https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19"}, {"url": "https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a"}], "title": "usb: dwc3: ep0: fix NULL pointer exception", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.981Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47269", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:39:44.902872Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:11.229Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.981Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47269", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:39:44.902872Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:15.110Z"}}], "cna": {"title": "usb: dwc3: ep0: fix NULL pointer exception", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "96b74a99d360", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "60156089f07e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "990dc9075077", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "bd551e7c8593", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "366369b89bed", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "470403639114", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "788755756dd4", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "d00889080ab6", "versionType": "git"}], "programFiles": ["drivers/usb/dwc3/ep0.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.4.273", "versionType": "custom", "lessThanOrEqual": "4.4.*"}, {"status": "unaffected", "version": "4.9.273", "versionType": "custom", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.237", "versionType": "custom", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.195", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.126", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.44", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.11", "versionType": "custom", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/usb/dwc3/ep0.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528"}, {"url": "https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749"}, {"url": "https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16"}, {"url": "https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc"}, {"url": "https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4"}, {"url": "https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a"}, {"url": "https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19"}, {"url": "https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: ep0: fix NULL pointer exception\n\nThere is no validation of the index from dwc3_wIndex_to_dep() and we might\nbe referring a non-existing ep and trigger a NULL pointer exception. In\ncertain configurations we might use fewer eps and the index might wrongly\nindicate a larger ep index than existing.\n\nBy adding this validation from the patch we can actually report a wrong\nindex back to the caller.\n\nIn our usecase we are using a composite device on an older kernel, but\nupstream might use this fix also. Unfortunately, I cannot describe the\nhardware for others to reproduce the issue as it is a proprietary\nimplementation.\n\n[ 82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4\n[ 82.966891] Mem abort info:\n[ 82.969663] ESR = 0x96000006\n[ 82.972703] Exception class = DABT (current EL), IL = 32 bits\n[ 82.978603] SET = 0, FnV = 0\n[ 82.981642] EA = 0, S1PTW = 0\n[ 82.984765] Data abort info:\n[ 82.987631] ISV = 0, ISS = 0x00000006\n[ 82.991449] CM = 0, WnR = 0\n[ 82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc\n[ 83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000\n[ 83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP\n[ 83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c)\n[ 83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1\n[ 83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO)\n[ 83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c\n[ 83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94\n\n...\n\n[ 83.141788] Call trace:\n[ 83.144227] dwc3_ep0_handle_feature+0x414/0x43c\n[ 83.148823] dwc3_ep0_interrupt+0x3b4/0xc94\n[ 83.181546] ---[ end trace aac6b5267d84c32f ]---"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:05:00.544Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47269", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:11.229Z", "dateReserved": "2024-05-21T13:27:52.127Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:19:59.207Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: ep0: fix NULL pointer exception\n\nThere is no validation of the index from dwc3_wIndex_to_dep() and we might\nbe referring a non-existing ep and trigger a NULL pointer exception. In\ncertain configurations we might use fewer eps and the index might wrongly\nindicate a larger ep index than existing.\n\nBy adding this validation from the patch we can actually report a wrong\nindex back to the caller.\n\nIn our usecase we are using a composite device on an older kernel, but\nupstream might use this fix also. Unfortunately, I cannot describe the\nhardware for others to reproduce the issue as it is a proprietary\nimplementation.\n\n[ 82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4\n[ 82.966891] Mem abort info:\n[ 82.969663] ESR = 0x96000006\n[ 82.972703] Exception class = DABT (current EL), IL = 32 bits\n[ 82.978603] SET = 0, FnV = 0\n[ 82.981642] EA = 0, S1PTW = 0\n[ 82.984765] Data abort info:\n[ 82.987631] ISV = 0, ISS = 0x00000006\n[ 82.991449] CM = 0, WnR = 0\n[ 82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc\n[ 83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000\n[ 83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP\n[ 83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c)\n[ 83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1\n[ 83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO)\n[ 83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c\n[ 83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94\n\n...\n\n[ 83.141788] Call trace:\n[ 83.144227] dwc3_ep0_handle_feature+0x414/0x43c\n[ 83.148823] dwc3_ep0_interrupt+0x3b4/0xc94\n[ 83.181546] ---[ end trace aac6b5267d84c32f ]---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc3: ep0: corrige excepci\u00f3n de puntero NULL. No hay validaci\u00f3n del \u00edndice desde dwc3_wIndex_to_dep() y podr\u00edamos estar haciendo referencia a un ep inexistente y desencadenar una excepci\u00f3n de puntero NULL. En ciertas configuraciones, podr\u00edamos usar menos eps y el \u00edndice podr\u00eda indicar err\u00f3neamente un \u00edndice ep mayor que el existente. Al agregar esta validaci\u00f3n del parche, podemos informar un \u00edndice incorrecto a la persona que llama. En nuestro caso de uso, estamos usando un dispositivo compuesto en un kernel m\u00e1s antiguo, pero el nivel superior tambi\u00e9n podr\u00eda usar esta soluci\u00f3n. Desafortunadamente, no puedo describir el hardware para que otros reproduzcan el problema ya que es una implementaci\u00f3n propietaria. [82.958261] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 00000000000000a4 [82.966891] Informaci\u00f3n de cancelaci\u00f3n de memoria: [82.969663] ESR = 0x96000006 [82.972703] Clase de excepci\u00f3n = DABT (EL actual), IL = 32 bits [ 82.9 78603] CONFIGURAR = 0, FnV = 0 [82.981642] EA = 0, S1PTW = 0 [82.984765] Informaci\u00f3n de cancelaci\u00f3n de datos: [82.987631] ISV = 0, ISS = 0x00000006 [82.991449] CM = 0, WnR = 0 [82.994409] tabla de usuario 4k: p\u00e1ginas, 39 VA de bits, pgdp = 00000000c6210ccc [ 83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000 [ 83.00 9685] Error interno: Oops: 96000006 [#1] SMP PREEMPTO [83.026433] Proceso irq/62-dwc3 (pid : 303, l\u00edmite de pila = 0x000000003985154c) [83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 No contaminado 4.19.124 #1 [83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO) [ 49628] ordenador personal: dwc3_ep0_handle_feature+0x414/0x43c [ 83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94 ... [ 83.141788] Rastreo de llamadas: [ 83.144227] dwc3_ep0_handle_feature+0x414/0x43c [ 83.148 823] dwc3_ep0_interrupt+0x3b4/0xc94 [83.181546] ---[ final de seguimiento aac6b5267d84c32f ]---"}], "id": "CVE-2021-47269", "lastModified": "2024-05-21T16:54:26.047", "metrics": {}, "published": "2024-05-21T15:15:15.470", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: usb: dwc3: ep0: fix NULL pointer exception", "id": "2282536", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282536"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nusb: dwc3: ep0: fix NULL pointer exception\nThere is no validation of the index from dwc3_wIndex_to_dep() and we might\nbe referring a non-existing ep and trigger a NULL pointer exception. In\ncertain configurations we might use fewer eps and the index might wrongly\nindicate a larger ep index than existing.\nBy adding this validation from the patch we can actually report a wrong\nindex back to the caller.\nIn our usecase we are using a composite device on an older kernel, but\nupstream might use this fix also. Unfortunately, I cannot describe the\nhardware for others to reproduce the issue as it is a proprietary\nimplementation.\n[ 82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4\n[ 82.966891] Mem abort info:\n[ 82.969663] ESR = 0x96000006\n[ 82.972703] Exception class = DABT (current EL), IL = 32 bits\n[ 82.978603] SET = 0, FnV = 0\n[ 82.981642] EA = 0, S1PTW = 0\n[ 82.984765] Data abort info:\n[ 82.987631] ISV = 0, ISS = 0x00000006\n[ 82.991449] CM = 0, WnR = 0\n[ 82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc\n[ 83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000\n[ 83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP\n[ 83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c)\n[ 83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1\n[ 83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO)\n[ 83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c\n[ 83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94\n...\n[ 83.141788] Call trace:\n[ 83.144227] dwc3_ep0_handle_feature+0x414/0x43c\n[ 83.148823] dwc3_ep0_interrupt+0x3b4/0xc94\n[ 83.181546] ---[ end trace aac6b5267d84c32f ]---"], "name": "CVE-2021-47269", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47269\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47269\nhttps://lore.kernel.org/linux-cve-announce/2024052150-CVE-2021-47269-c83f@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 4.4.273, kernel 4.9.273, kernel 4.14.237, kernel 4.19.195, kernel 5.4.126, kernel 5.10.44, kernel 5.12.11, kernel 5.13"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object