How severe is CVE-2021-47476?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2021-47476?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2021-47476 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: comedi: ni_usb6501: fix NULL-deref in command paths The driver uses endpoint-sized USB transfer buffers but had no sanity checks on the sizes. This can lead to zero-size-pointer dereferences or overflowed transfer buffers in ni6501_port_command() and ni6501_counter_command() if a (malicious) device has smaller max-packet sizes than expected (or when doing descriptor fuzz testing). Add the missing sanity checks to probe().

Related Vulnerabilities

CVE-2015-7515

MEDIUM

CVSS:4.6(Medium)

The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash)...

CWE-4762015

CVE-2016-2782

MEDIUM

CVSS:4.6(Medium)

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or ...

CWE-4762016

CVE-2017-5625

MEDIUM

CVSS:4.6(Medium)

In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by i...

CWE-4762017

CVE-2019-15098

MEDIUM

CVSS:4.6(Medium)

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

CWE-4762019

CVE-2019-15216

MEDIUM

CVSS:4.6(Medium)

An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.

CWE-4762019

CVE-2019-15217

MEDIUM

CVSS:4.6(Medium)

An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.

CWE-4762019