vulnerability

Debian: CVE-2021-47477: linux -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

May 22, 2024

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

comedi: dt9812: fix DMA buffers on stack

USB transfer buffers are typically mapped for DMA and must not be
allocated on the stack or transfers will fail.

Allocate proper transfer buffers in the various command helpers and
return an error on short transfers instead of acting on random stack
data.

Note that this also fixes a stack info leak on systems where DMA is not
used as 32 bytes are always sent to the device regardless of how short
the command is.

Solution

debian-upgrade-linux

References

CVE-2021-47477
https://attackerkb.com/topics/CVE-2021-47477
CWE-787
EUVD-EUVD-2021-34482
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-34482

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report