NVD

CVE-2021-47475 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c ("staging: comedi: check validity of wMaxPacketSize of usb endpoints found") inadvertently fixed NULL-pointer dereferences when accessing the transfer buffers in case a malicious device has a zero wMaxPacketSize. Make sure to allocate buffers large enough to handle also the other accesses that are done without a size check (e.g. byte 18 in vmk80xx_cnt_insn_read() for the VMK8061_MODEL) to avoid writing beyond the buffers, for example, when doing descriptor fuzzing. The original driver was for a low-speed device with 8-byte buffers. Support was later added for a device that uses bulk transfers and is presumably a full-speed device with a maximum 64-byte wMaxPacketSize.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 7.8 HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba	CVE, kernel.org	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-787	Out-of-bounds Write	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Initial Analysis by NIST 9/24/2025 2:58:58 PM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added	CWE	CWE-787
Added	CPE Configuration	OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.10 up to (excluding) 4.14.255 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.5 up to (excluding) 4.9.290 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.15 up to (excluding) 4.19.217 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.20 up to (excluding) 5.4.159 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.14.18 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.15 up to (excluding) 5.15.2 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 2.6.31 up to (excluding) 4.4.292 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5 up to (excluding) 5.10.79
Added	Reference Type	CVE: https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba Types: Patch

CVE Modified by CVE 11/21/2024 1:36:15 AM

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50
Added	Reference	https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9
Added	Reference	https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47
Added	Reference	https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00
Added	Reference	https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7
Added	Reference	https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f
Added	Reference	https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088
Added	Reference	https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1
Added	Reference	https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba

New CVE Received from kernel.org 5/22/2024 5:15:09 AM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c ("staging: comedi: check validity of wMaxPacketSize of usb endpoints found") inadvertently fixed NULL-pointer dereferences when accessing the transfer buffers in case a malicious device has a zero wMaxPacketSize. Make sure to allocate buffers large enough to handle also the other accesses that are done without a size check (e.g. byte 18 in vmk80xx_cnt_insn_read() for the VMK8061_MODEL) to avoid writing beyond the buffers, for example, when doing descriptor fuzzing. The original driver was for a low-speed device with 8-byte buffers. Support was later added for a device that uses bulk transfers and is presumably a full-speed device with a maximum 64-byte wMaxPacketSize.
Added	Reference	kernel.org https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2021-47475
NVD Published Date:
05/22/2024
NVD Last Modified:
09/24/2025
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2021-47475 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis by NIST 9/24/2025 2:58:58 PM

CVE Modified by CVE 11/21/2024 1:36:15 AM

CVE Modified by kernel.org 5/28/2024 4:16:05 PM

New CVE Received from kernel.org 5/22/2024 5:15:09 AM

Quick Info