SB20240603112 - NULL pointer dereference in Linux kernel comedi drivers driver

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2021-47475)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the IC3_VERSION BIT() and vmk80xx_alloc_usb_buffers() functions in drivers/staging/comedi/drivers/vmk80xx.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f
• https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba
• https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7
• https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088
• https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9
• https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00
• https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47
• https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50
• https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.255
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.292
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.290
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.79
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.159