| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: vmk80xx: fix transfer-buffer overflows\n\nThe driver uses endpoint-sized USB transfer buffers but up until\nrecently had no sanity checks on the sizes.\n\nCommit e1f13c879a7c (\"staging: comedi: check validity of wMaxPacketSize\nof usb endpoints found\") inadvertently fixed NULL-pointer dereferences\nwhen accessing the transfer buffers in case a malicious device has a\nzero wMaxPacketSize.\n\nMake sure to allocate buffers large enough to handle also the other\naccesses that are done without a size check (e.g. byte 18 in\nvmk80xx_cnt_insn_read() for the VMK8061_MODEL) to avoid writing beyond\nthe buffers, for example, when doing descriptor fuzzing.\n\nThe original driver was for a low-speed device with 8-byte buffers.\nSupport was later added for a device that uses bulk transfers and is\npresumably a full-speed device with a maximum 64-byte wMaxPacketSize." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/comedi/drivers/vmk80xx.c" |
| ], |
| "versions": [ |
| { |
| "version": "985cafccbf9b7f862aa1c5ee566801e18b5161fb", |
| "lessThan": "5229159f1d052821007aff1a1beb7873eacf1a9f", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "985cafccbf9b7f862aa1c5ee566801e18b5161fb", |
| "lessThan": "ec85bcff4ed09260243d8f39faba99e1041718ba", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "985cafccbf9b7f862aa1c5ee566801e18b5161fb", |
| "lessThan": "40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "985cafccbf9b7f862aa1c5ee566801e18b5161fb", |
| "lessThan": "7a2021b896de1ad559d33b5c5cdd20b982242088", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "985cafccbf9b7f862aa1c5ee566801e18b5161fb", |
| "lessThan": "199acd8c110e3ae62833c24f632b0bb1c9f012a9", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "985cafccbf9b7f862aa1c5ee566801e18b5161fb", |
| "lessThan": "33d7a470730dfe7c9bfc8da84575cf2cedd60d00", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "985cafccbf9b7f862aa1c5ee566801e18b5161fb", |
| "lessThan": "278484ae93297b1bb1ce755f9d3b6d95a48c7d47", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "985cafccbf9b7f862aa1c5ee566801e18b5161fb", |
| "lessThan": "06ac746d57e6d32b062e220415c607b7e2e0fa50", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "985cafccbf9b7f862aa1c5ee566801e18b5161fb", |
| "lessThan": "a23461c47482fc232ffc9b819539d1f837adf2b1", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/comedi/drivers/vmk80xx.c" |
| ], |
| "versions": [ |
| { |
| "version": "2.6.31", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "2.6.31", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.4.292", |
| "lessThanOrEqual": "4.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.9.290", |
| "lessThanOrEqual": "4.9.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.14.255", |
| "lessThanOrEqual": "4.14.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.19.217", |
| "lessThanOrEqual": "4.19.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.159", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.79", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.14.18", |
| "lessThanOrEqual": "5.14.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.2", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.16", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.31", |
| "versionEndExcluding": "4.4.292" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.31", |
| "versionEndExcluding": "4.9.290" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.31", |
| "versionEndExcluding": "4.14.255" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.31", |
| "versionEndExcluding": "4.19.217" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.31", |
| "versionEndExcluding": "5.4.159" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.31", |
| "versionEndExcluding": "5.10.79" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.31", |
| "versionEndExcluding": "5.14.18" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.31", |
| "versionEndExcluding": "5.15.2" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.31", |
| "versionEndExcluding": "5.16" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1" |
| } |
| ], |
| "title": "comedi: vmk80xx: fix transfer-buffer overflows", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2021-47475", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
