CVE - CVE-2021-47269

CVE-ID
CVE-2021-47269	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3_wIndex_to_dep() and we might be referring a non-existing ep and trigger a NULL pointer exception. In certain configurations we might use fewer eps and the index might wrongly indicate a larger ep index than existing. By adding this validation from the patch we can actually report a wrong index back to the caller. In our usecase we are using a composite device on an older kernel, but upstream might use this fix also. Unfortunately, I cannot describe the hardware for others to reproduce the issue as it is a proprietary implementation. [ 82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4 [ 82.966891] Mem abort info: [ 82.969663] ESR = 0x96000006 [ 82.972703] Exception class = DABT (current EL), IL = 32 bits [ 82.978603] SET = 0, FnV = 0 [ 82.981642] EA = 0, S1PTW = 0 [ 82.984765] Data abort info: [ 82.987631] ISV = 0, ISS = 0x00000006 [ 82.991449] CM = 0, WnR = 0 [ 82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc [ 83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000 [ 83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP [ 83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c) [ 83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1 [ 83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO) [ 83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c [ 83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94 ... [ 83.141788] Call trace: [ 83.144227] dwc3_ep0_handle_feature+0x414/0x43c [ 83.148823] dwc3_ep0_interrupt+0x3b4/0xc94 [ 83.181546] ---[ end trace aac6b5267d84c32f ]---
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4 URL:https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4 MISC:https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a URL:https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a MISC:https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749 URL:https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749 MISC:https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19 URL:https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19 MISC:https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528 URL:https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528 MISC:https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16 URL:https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16 MISC:https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc URL:https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc MISC:https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a URL:https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a
Assigning CNA
kernel.org
Date Record Created
20240521	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240521)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)