CVE-2021-46906
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-46906
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46906.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-46906
- Related
- Published
- 2024-02-26T18:15:07Z
- Modified
- 2024-09-18T01:00:21Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
HID: usbhid: fix info leak in hidsubmitctrl
In hidsubmitctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hidsubmitctrl) to calculate transferbufferlength as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes.
To fix this, first modify hidreportlen() to account for the zero report size case by using DIVROUNDUP for the division. Then, call it from hidsubmitctrl().
- References
-
- https://git.kernel.org/stable/c/0e280502be1b003c3483ae03fc60dea554fcfa82
- https://git.kernel.org/stable/c/21883bff0fd854e07429a773ff18f1e9658f50e8
- https://git.kernel.org/stable/c/41b1e71a2c57366b08dcca1a28b0d45ca69429ce
- https://git.kernel.org/stable/c/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f
- https://git.kernel.org/stable/c/7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1
- https://git.kernel.org/stable/c/8c064eece9a51856f3f275104520c7e3017fc5c0
- https://git.kernel.org/stable/c/b1e3596416d74ce95cc0b7b38472329a3818f8a9
- https://git.kernel.org/stable/c/c5d3c142f2d57d40c55e65d5622d319125a45366
- https://security-tracker.debian.org/tracker/CVE-2021-46906
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source