CVE-2021-47405 : In the Linux kernel, the following vulnerability has been resolved: HID: usbhid

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: free raw_report buffers in usbhid_stop Free the unsent raw_report buffers when the device is removed. Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47

Published 2024-05-21 15:15:26

Updated 2025-02-03 16:11:51

Source Linux

View at NVD, CVE.org

Products affected by CVE-2021-47405

Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.14.10
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.15 and before (<) 4.19.209
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.9.285
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.71
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.10 and before (<) 4.14.249
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 4.4.286
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.20 and before (<) 5.4.151
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47405

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47405

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2025-02-03
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-47405

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-47405

https://git.kernel.org/stable/c/f7744fa16b96da57187dc8e5634152d3b63d72de

HID: usbhid: free raw_report buffers in usbhid_stop - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/efc5c8d29256955cc90d8d570849b2d6121ed09f

HID: usbhid: free raw_report buffers in usbhid_stop - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/7ce4e49146612261265671b1d30d117139021030

HID: usbhid: free raw_report buffers in usbhid_stop - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/965147067fa1bedff3ae1f07ce3f89f1a14d2df3

HID: usbhid: free raw_report buffers in usbhid_stop - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/f7ac4d24e1610b92689946fa88177673f1e88a3f

HID: usbhid: free raw_report buffers in usbhid_stop - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/764ac04de056801dfe52a716da63f6e7018e7f3b

HID: usbhid: free raw_report buffers in usbhid_stop - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/c3156fea4d8a0e643625dff69a0421e872d1fdae

HID: usbhid: free raw_report buffers in usbhid_stop - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/2b704864c92dcec2b295f276fcfbfb81d9831f81

HID: usbhid: free raw_report buffers in usbhid_stop - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47405

Products affected by CVE-2021-47405

Exploit prediction scoring system (EPSS) score for CVE-2021-47405

CVSS scores for CVE-2021-47405

CWE ids for CVE-2021-47405

References for CVE-2021-47405