CVE-2021-47405

Summary

In the Linux kernel, the following vulnerability has been resolved:

HID: usbhid: free raw_report buffers in usbhid_stop

Free the unsent raw_report buffers when the device is removed.

Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf129ea6d1efe0eddcbb1f0faaec5623788ad9e58 < 7ce4e49146612261265671b1d30d117139021030affected
LinuxLinuxf129ea6d1efe0eddcbb1f0faaec5623788ad9e58 < efc5c8d29256955cc90d8d570849b2d6121ed09faffected
LinuxLinuxf129ea6d1efe0eddcbb1f0faaec5623788ad9e58 < c3156fea4d8a0e643625dff69a0421e872d1fdaeaffected
LinuxLinuxf129ea6d1efe0eddcbb1f0faaec5623788ad9e58 < 764ac04de056801dfe52a716da63f6e7018e7f3baffected
LinuxLinuxf129ea6d1efe0eddcbb1f0faaec5623788ad9e58 < 965147067fa1bedff3ae1f07ce3f89f1a14d2df3affected
LinuxLinuxf129ea6d1efe0eddcbb1f0faaec5623788ad9e58 < f7ac4d24e1610b92689946fa88177673f1e88a3faffected
LinuxLinuxf129ea6d1efe0eddcbb1f0faaec5623788ad9e58 < 2b704864c92dcec2b295f276fcfbfb81d9831f81affected
LinuxLinuxf129ea6d1efe0eddcbb1f0faaec5623788ad9e58 < f7744fa16b96da57187dc8e5634152d3b63d72deaffected
LinuxLinux2.6.28affected
LinuxLinux0 < 2.6.28unaffected
LinuxLinux4.4.286 <= 4.4.*unaffected
LinuxLinux4.9.285 <= 4.9.*unaffected
LinuxLinux4.14.249 <= 4.14.*unaffected
LinuxLinux4.19.209 <= 4.19.*unaffected
LinuxLinux5.4.151 <= 5.4.*unaffected
LinuxLinux5.10.71 <= 5.10.*unaffected
LinuxLinux5.14.10 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References