THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2021-47404

HID: betop: fix slab-out-of-bounds Write in betop_probe

AssignerLinux
Reserved2024-05-21
Published2024-05-21
Updated2024-06-11

Description

In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betop_probe Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver. The problem is the driver assumes the device must have an input report but some malicious devices violate this assumption. So this patch checks hid_device's input is non empty before it's been used.

Product status

Default status
unaffected

1da177e4c3f4 before a4faa7153b87
affected

1da177e4c3f4 before 6fc4476dda58
affected

1da177e4c3f4 before 1c83c38dec83
affected

1da177e4c3f4 before bb8b72374db6
affected

1da177e4c3f4 before fe9bb925e709
affected

1da177e4c3f4 before dedfc35a2de2
affected

1da177e4c3f4 before 708107b80aa6
affected

1da177e4c3f4 before 1e4ce418b1cb
affected

Default status
affected

4.4.286
unaffected

4.9.285
unaffected

4.14.249
unaffected

4.19.209
unaffected

5.4.151
unaffected

5.10.71
unaffected

5.14.10
unaffected

5.15
unaffected

References

https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019

https://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525

https://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9

https://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914

https://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550

https://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee

https://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e

https://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d1325993

cve.org CVE-2021-47404

nvd.nist.gov CVE-2021-47404

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2021-47404
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +