{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47404", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:58:30.816Z", "datePublished": "2024-05-21T15:03:58.021Z", "dateUpdated": "2024-11-04T12:05:16.663Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:05:16.663Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: betop: fix slab-out-of-bounds Write in betop_probe\n\nSyzbot reported slab-out-of-bounds Write bug in hid-betopff driver.\nThe problem is the driver assumes the device must have an input report but\nsome malicious devices violate this assumption.\n\nSo this patch checks hid_device's input is non empty before it's been used."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-betopff.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "a4faa7153b87", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "6fc4476dda58", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1c83c38dec83", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "bb8b72374db6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "fe9bb925e709", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "dedfc35a2de2", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "708107b80aa6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1e4ce418b1cb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-betopff.c"], "versions": [{"version": "4.4.286", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.285", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.249", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.209", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.151", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.71", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14.10", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019"}, {"url": "https://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525"}, {"url": "https://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9"}, {"url": "https://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914"}, {"url": "https://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550"}, {"url": "https://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee"}, {"url": "https://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e"}, {"url": "https://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d1325993"}], "title": "HID: betop: fix slab-out-of-bounds Write in betop_probe", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T17:40:32.628487Z", "id": "CVE-2021-47404", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T17:42:16.335Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.325Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d1325993", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d1325993", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.325Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47404", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T17:40:32.628487Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T17:40:37.868Z"}}], "cna": {"title": "HID: betop: fix slab-out-of-bounds Write in betop_probe", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "a4faa7153b87", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "6fc4476dda58", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "1c83c38dec83", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "bb8b72374db6", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "fe9bb925e709", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "dedfc35a2de2", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "708107b80aa6", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "1e4ce418b1cb", "versionType": "git"}], "programFiles": ["drivers/hid/hid-betopff.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.4.286", "versionType": "semver", "lessThanOrEqual": "4.4.*"}, {"status": "unaffected", "version": "4.9.285", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.249", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.209", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.151", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.71", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.14.10", "versionType": "semver", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/hid/hid-betopff.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019"}, {"url": "https://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525"}, {"url": "https://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9"}, {"url": "https://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914"}, {"url": "https://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550"}, {"url": "https://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee"}, {"url": "https://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e"}, {"url": "https://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d1325993"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: betop: fix slab-out-of-bounds Write in betop_probe\n\nSyzbot reported slab-out-of-bounds Write bug in hid-betopff driver.\nThe problem is the driver assumes the device must have an input report but\nsome malicious devices violate this assumption.\n\nSo this patch checks hid_device's input is non empty before it's been used."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:05:16.663Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47404", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:05:16.663Z", "dateReserved": "2024-05-21T14:58:30.816Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:03:58.021Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: betop: fix slab-out-of-bounds Write in betop_probe\n\nSyzbot reported slab-out-of-bounds Write bug in hid-betopff driver.\nThe problem is the driver assumes the device must have an input report but\nsome malicious devices violate this assumption.\n\nSo this patch checks hid_device's input is non empty before it's been used."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: HID: betop: corrige escritura slab-out-of-bounds en betop_probe. Syzbot inform\u00f3 un error de escritura slab-out-of-bounds en el controlador hid-betopff. El problema es que el controlador supone que el dispositivo debe tener un informe de entrada, pero algunos dispositivos maliciosos violan esta suposici\u00f3n. Entonces, este parche verifica que la entrada de hid_device no est\u00e9 vac\u00eda antes de usarse."}], "id": "CVE-2021-47404", "lastModified": "2024-05-21T16:54:26.047", "metrics": {}, "published": "2024-05-21T15:15:25.920", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d1325993"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: HID: betop: fix slab-out-of-bounds Write in betop_probe", "id": "2282332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282332"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nHID: betop: fix slab-out-of-bounds Write in betop_probe\nSyzbot reported slab-out-of-bounds Write bug in hid-betopff driver.\nThe problem is the driver assumes the device must have an input report but\nsome malicious devices violate this assumption.\nSo this patch checks hid_device's input is non empty before it's been used."], "name": "CVE-2021-47404", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47404\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47404\nhttps://lore.kernel.org/linux-cve-announce/2024052150-CVE-2021-47404-f851@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 4.4.286, kernel 4.9.285, kernel 4.14.249, kernel 4.19.209, kernel 5.4.151, kernel 5.10.71, kernel 5.14.10, kernel 5.15"}