authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-02-15 11:29:45 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-02-15 11:29:45 +0100
commitc1d799aa536c047e333d639d388fed425fbd5fd3 (patch)
treeb8f66ca53fba9846da9e38e8d6b55f474be42633
parenteaf27da3939ce18a09955653c24c599fbdde0457 (diff)
downloadvulns-c1d799aa536c047e333d639d388fed425fbd5fd3.tar.gz
another test cve for examples.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--cve/published/2021/CVE-2021-47182 (renamed from cve/reserved/2021/CVE-2021-47182)0
-rw-r--r--cve/published/2021/CVE-2021-47182.json90
-rw-r--r--cve/published/2021/CVE-2021-47182.mbox53
-rw-r--r--cve/published/2021/CVE-2021-47182.sha11
4 files changed, 144 insertions, 0 deletions
diff --git a/cve/reserved/2021/CVE-2021-47182 b/cve/published/2021/CVE-2021-47182
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47182
+++ b/cve/published/2021/CVE-2021-47182
diff --git a/cve/published/2021/CVE-2021-47182.json b/cve/published/2021/CVE-2021-47182.json
new file mode 100644
index 00000000..768c98a4
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47182.json
@@ -0,0 +1,90 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "USB: gadget: detect too-big endpoint 0 requests\n\nSometimes USB hosts can ask for buffers that are too large from endpoint\n0, which should not be allowed. If this happens for OUT requests, stall\nthe endpoint, but for IN requests, trim the request size to the endpoint\nbuffer size."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "versions": [
+ {
+ "version": "0",
+ "lessThan": "4.4.295",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.9.293",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.14.258",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.19.221",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.4.165",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.10.85",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.15.8",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.16",
+ "status": "affected",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/linux/c/153a2d7e3350cc89d406ba2d35be8793a64c2038"
+ }
+ ],
+ "title": "USB: gadget: detect too-big endpoint 0 requests",
+ "x_generator": {
+ "engine": "bippy-42982939a884"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47182",
+ "requesterUserId": "gregkh@linuxfoundation.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
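Review bot: All eight `versions` entries start at `"version": "0"` with `"status": "affected"`, so the ranges overlap: 4.4.295, listed as the first fixed 4.4 release, still falls inside `"lessThan": "4.9.293"` and every later range. Because `"defaultStatus"` is also `"affected"`, nothing in the record marks 5.16 and later as fixed either. A scanner that evaluates these ranges literally would likely report already-patched stable kernels as vulnerable. Consider bounding each range to its own stable branch and recording the fixed releases as unaffected, for example `{"version": "4.4.295", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "custom"}`, with a final entry covering `5.16` and later. The first affected release is not stated anywhere in this record, so the lower bound of `0` should be confirmed against the commit that introduced the bug.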
diff --git a/cve/published/2021/CVE-2021-47182.mbox b/cve/published/2021/CVE-2021-47182.mbox
new file mode 100644
index 00000000..81be1776
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47182.mbox
@@ -0,0 +1,53 @@
+From bippy-42982939a884 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>
+Subject: CVE-2021-47182: USB: gadget: detect too-big endpoint 0 requests
+
+Description
+===========
+
+USB: gadget: detect too-big endpoint 0 requests
+
+Sometimes USB hosts can ask for buffers that are too large from endpoint
+0, which should not be allowed. If this happens for OUT requests, stall
+the endpoint, but for IN requests, trim the request size to the endpoint
+buffer size.
+
+The Linux kernel CVE team has assigned CVE-2021-47182 to this issue.
+
+
+Affected versions
+=================
+
+ Fixed in 4.4.295
+ Fixed in 4.9.293
+ Fixed in 4.14.258
+ Fixed in 4.19.221
+ Fixed in 5.4.165
+ Fixed in 5.10.85
+ Fixed in 5.15.8
+ Fixed in 5.16
+
+Please note that only supported kernel versions have fixes applied to
+them. For a full list of currently supported kernel versions, please
+see https://www.kernel.org/
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47182
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual change to resolve this
+issue can be found at:
+ https://git.kernel.org/stable/linux/c/153a2d7e3350cc89d406ba2d35be8793a64c2038
diff --git a/cve/published/2021/CVE-2021-47182.sha1 b/cve/published/2021/CVE-2021-47182.sha1
new file mode 100644
index 00000000..14e33e8a
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47182.sha1
@@ -0,0 +1 @@
+153a2d7e3350cc89d406ba2d35be8793a64c2038