| CVE-2021-47475 affects the Linux kernel's comedi driver, specifically the vmk80xx module. The driver uses endpoint-sized USB transfer buffers without sanity-checking their sizes, which can lead to buffer overflows. |
| |
| The vulnerability was introduced in kernel version 2.6.31 with commit 985cafccbf9b and has been fixed in various later kernel versions, including 4.4.292, 4.9.290, 4.14.255, 4.19.217, 5.4.159, 5.10.79, 5.14.18, and 5.15.2. |
| |
| The affected file is `drivers/comedi/drivers/vmk80xx.c`. A malicious device that reports a zero `wMaxPacketSize` can trigger NULL-pointer dereferences when the driver accesses the transfer buffers. The missing size checks can also result in writes beyond the buffers, potentially causing system crashes or arbitrary code execution. |
| |
| To mitigate this issue, users should update to the latest stable kernel version. Individual changes can be cherry-picked from the specified commits, but this is not supported by the Linux kernel community. |
| |
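The bug class described above, as an added userspace C sketch (not the kernel driver's code and not the upstream patch): a transfer buffer sized directly from a device-supplied `wMaxPacketSize` next to a sizing routine that enforces a floor, with every access length-checked. All `ex_` names, the fixed offset 18 and the 64-byte floor are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed values for this example, not taken from the page:
 * the driver touches a fixed offset regardless of endpoint size. */
#define EX_FIXED_OFFSET 18u
#define EX_MIN_BUF_SIZE 64u

struct ex_buf {
    uint8_t *data;
    size_t len;
};

/* Unchecked sizing: trust the device-supplied wMaxPacketSize as-is. */
static size_t ex_size_unchecked(uint16_t wmaxp) { return wmaxp; }

/* Checked sizing: never go below what the driver's own accesses need. */
static size_t ex_size_checked(uint16_t wmaxp)
{
    return wmaxp > EX_MIN_BUF_SIZE ? wmaxp : EX_MIN_BUF_SIZE;
}

/* Allocate a zeroed transfer buffer; a zero size is refused outright. */
static int ex_buf_alloc(struct ex_buf *b, size_t size)
{
    b->data = size ? calloc(1, size) : NULL;
    b->len = b->data ? size : 0;
    return b->data ? 0 : -1;
}

/* Every access goes through a length check instead of assuming the size. */
static int ex_buf_put(struct ex_buf *b, size_t off, uint8_t v)
{
    if (!b->data || off >= b->len)
        return -1;
    b->data[off] = v;
    return 0;
}

/* Simulate probe plus one fixed-offset write; 0 = safe, -1 = refused. */
int ex_probe(uint16_t wmaxp, int hardened)
{
    struct ex_buf b;
    size_t size = hardened ? ex_size_checked(wmaxp) : ex_size_unchecked(wmaxp);
    int ret = ex_buf_alloc(&b, size);

    if (ret == 0)
        ret = ex_buf_put(&b, EX_FIXED_OFFSET, 0xff);
    free(b.data);
    return ret;
}
```

With unchecked sizing, a reported size of 0 or 8 leaves the fixed-offset write with nowhere valid to land; here the length check refuses it, whereas code without that check would write past the allocation.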