vulnerability

Amazon Linux AMI 2: CVE-2021-46906: Security patch for kernel (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:C/I:N/A:N)	Feb 26, 2024	Mar 19, 2024	May 20, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:N)

Published

Feb 26, 2024

Added

Mar 19, 2024

Modified

May 20, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: usbhid: fix info leak in hid_submit_ctrl

In hid_submit_ctrl(), the way of calculating the report length doesn't
take into account that report->size can be zero. When running the
syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to
calculate transfer_buffer_length as 16384. When this urb is passed to
the usb core layer, KMSAN reports an info leak of 16384 bytes.

To fix this, first modify hid_report_len() to account for the zero
report size case by using DIV_ROUND_UP for the division. Then, call it
from hid_submit_ctrl().

Solutions

amazon-linux-ami-2-upgrade-bpftoolamazon-linux-ami-2-upgrade-bpftool-debuginfoamazon-linux-ami-2-upgrade-kernelamazon-linux-ami-2-upgrade-kernel-debuginfoamazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64amazon-linux-ami-2-upgrade-kernel-develamazon-linux-ami-2-upgrade-kernel-headersamazon-linux-ami-2-upgrade-kernel-livepatch-4-14-238-182-421amazon-linux-ami-2-upgrade-kernel-toolsamazon-linux-ami-2-upgrade-kernel-tools-debuginfoamazon-linux-ami-2-upgrade-kernel-tools-develamazon-linux-ami-2-upgrade-perfamazon-linux-ami-2-upgrade-perf-debuginfoamazon-linux-ami-2-upgrade-python-perfamazon-linux-ami-2-upgrade-python-perf-debuginfo

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report