
CVE-2021-47475: Vulnerability in the Linux kernel

High
Published: Wed May 22 2024 (05/22/2024, 08:19:29 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c ("staging: comedi: check validity of wMaxPacketSize of usb endpoints found") inadvertently fixed NULL-pointer dereferences when accessing the transfer buffers in case a malicious device has a zero wMaxPacketSize. Make sure to allocate buffers large enough to handle also the other accesses that are done without a size check (e.g. byte 18 in vmk80xx_cnt_insn_read() for the VMK8061_MODEL) to avoid writing beyond the buffers, for example, when doing descriptor fuzzing. The original driver was for a low-speed device with 8-byte buffers. Support was later added for a device that uses bulk transfers and is presumably a full-speed device with a maximum 64-byte wMaxPacketSize.

AI-Powered Analysis

AI analysis last updated: 06/30/2025, 13:28:44 UTC

Technical Analysis

CVE-2021-47475 is a vulnerability in the Linux kernel's Comedi vmk80xx driver, which handles the USB transfers for Velleman K8055/K8061-class data-acquisition boards (the VMK8055_MODEL and VMK8061_MODEL identifiers in the driver). The driver allocates its USB transfer buffers at the size of the endpoint's wMaxPacketSize, a value read from the device's own descriptors, but several code paths then read and write fixed offsets in those buffers without checking the buffer size. The driver was written for a low-speed device with 8-byte packets; support for the VMK8061 model, a bulk-transfer device with a full-speed maximum of 64 bytes per packet, was added later and touches offsets well beyond 8 bytes, for example byte 18 in vmk80xx_cnt_insn_read(). An earlier commit, e1f13c879a7c ("staging: comedi: check validity of wMaxPacketSize of usb endpoints found"), rejected a zero wMaxPacketSize and as a side effect removed a NULL-pointer dereference triggered by a malicious device reporting a zero-length endpoint, but it did nothing about a device that reports a small non-zero value such as 8: the driver still allocated 8-byte buffers and then accessed byte 18 of them. A crafted USB device, or descriptor fuzzing, therefore produces out-of-bounds reads and writes on kernel heap memory. The reliable outcome is memory corruption leading to a kernel crash (denial of service); privilege escalation is possible in principle, although no exploit is publicly reported. The CVE record pins the start of the affected range to commit 985cafccbf9b7f862aa1c5ee566801e18b5161fb, so any kernel built from that commit up to the fix is affected. The fix is the upstream commit whose subject appears in the description ("comedi: vmk80xx: fix transfer-buffer overflows"), which sizes the buffers so that every unchecked access fits regardless of the advertised wMaxPacketSize; it dates from 2021, well before the kernel CNA assigned and published this identifier on May 22, 2024, and has been carried into the stable trees, so current distribution kernels include it. No CVSS score has been assigned to the record.
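The sizing mistake is easiest to see side by side. The following is an added, stand-alone userspace model written for this page; it is not the kernel driver's code. The descriptor parsing, the 64-byte floor (MIN_BUF_SIZE, assumed here to match the full-speed maximum named in the description) and the bounds-checked read helper are illustrations of the behaviour the CVE description gives, and the endpoint descriptor bytes are constructed input.

```c
/*
 * Added userspace model of the vmk80xx transfer-buffer sizing bug and its
 * fix. Not the kernel driver: descriptor parsing, MIN_BUF_SIZE and the
 * read helper are our own illustrations of what the CVE description says.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Highest fixed offset the description says the driver touches without a
 * size check (byte 18 in vmk80xx_cnt_insn_read() for the VMK8061 model). */
#define VMK8061_CNT_RD_OFFSET 18

/* Floor applied after the fix. Assumed to be the 64-byte full-speed
 * wMaxPacketSize maximum from the description; name and value are ours. */
#define MIN_BUF_SIZE 64

/* Constructed endpoint descriptors: bLength, bDescriptorType, bEndpointAddress,
 * bmAttributes, wMaxPacketSize (LE), bInterval. 0x18 in the high byte sets
 * isochronous-only flag bits that a correct parser must mask off. */
static const uint8_t DESC_MAXP8[7] = { 7, 5, 0x81, 0x02, 0x08, 0x18, 0x00 };
static const uint8_t DESC_MAXP0[7] = { 7, 5, 0x81, 0x02, 0x00, 0x00, 0x00 };

/* wMaxPacketSize occupies bytes 4-5; only bits 10..0 carry the size. */
static size_t endpoint_maxp(const uint8_t desc[7])
{
    return (size_t)((desc[4] | (desc[5] << 8)) & 0x07ff);
}

/* Pre-fix sizing: exactly the advertised packet size, so a device that
 * advertises 8 gets an 8-byte buffer that byte 18 falls outside of. */
static size_t rx_buf_size_vulnerable(size_t maxp)
{
    return maxp;
}

/* Post-fix sizing: never below MIN_BUF_SIZE, so every unchecked
 * fixed-offset access lands inside the allocation. */
static size_t rx_buf_size_fixed(size_t maxp)
{
    return maxp < MIN_BUF_SIZE ? MIN_BUF_SIZE : maxp;
}

/* Model of the unchecked read: returns the byte at offset, or -1 where the
 * real driver would have read past the end of the buffer. */
static int cnt_read_byte(const uint8_t *buf, size_t buf_size, size_t offset)
{
    if (offset >= buf_size)
        return -1;
    return buf[offset];
}

/* Probe model: size the rx buffer from the descriptor with one of the two
 * rules and report whether the VMK8061 counter read stays in bounds.
 * A zero wMaxPacketSize is refused, as e1f13c879a7c made the driver do. */
static bool probe_and_read(const uint8_t desc[7], bool use_fix)
{
    size_t maxp = endpoint_maxp(desc);
    if (maxp == 0)
        return false;
    size_t size = use_fix ? rx_buf_size_fixed(maxp) : rx_buf_size_vulnerable(maxp);
    uint8_t *buf = calloc(size, 1);
    if (!buf)
        return false;
    bool in_bounds = cnt_read_byte(buf, size, VMK8061_CNT_RD_OFFSET) >= 0;
    free(buf);
    return in_bounds;
}

int main(void)
{
    printf("advertised wMaxPacketSize = %zu\n", endpoint_maxp(DESC_MAXP8));
    printf("vulnerable sizing: byte %d %s\n", VMK8061_CNT_RD_OFFSET,
           probe_and_read(DESC_MAXP8, false) ? "in bounds" : "OUT OF BOUNDS");
    printf("fixed sizing:      byte %d %s\n", VMK8061_CNT_RD_OFFSET,
           probe_and_read(DESC_MAXP8, true) ? "in bounds" : "OUT OF BOUNDS");
    printf("zero wMaxPacketSize rejected: %s\n",
           probe_and_read(DESC_MAXP0, true) ? "no" : "yes");
    return 0;
}
```

The point of the model is that the zero-size check from the earlier commit and the minimum-size floor from the fix are different defences: the first only stops an empty buffer, the second is what makes the fixed-offset accesses safe for any advertised size.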

Potential Impact

For European organizations the impact of CVE-2021-47475 depends on two things: whether their Linux systems carry the vmk80xx Comedi module (distributions that build Comedi ship it as a loadable module, and it autoloads when a device with the driver's USB IDs is plugged in, whether or not the organization owns such a board), and whether an attacker can present a USB device to them. The driver serves data-acquisition boards of the kind found in laboratories, test benches, manufacturing lines and building automation, so research institutions, industrial operators and energy companies running Linux on acquisition or control hosts are the most exposed. Exploitation requires physical USB access or control of something already on the USB path (a compromised peripheral, a tampered cable, a supply-chain-modified board); it is not reachable over the network. Once a device advertising an undersized wMaxPacketSize is bound, the driver's unchecked fixed-offset accesses read and write past an undersized kernel heap buffer. The reliable outcome is a kernel crash, which on an acquisition or control host interrupts measurement or supervisory functions, so availability is the primary operational concern; because the corruption is in kernel heap memory, privilege escalation is possible in principle, which would put integrity and confidentiality at stake, but no public exploit exists. Hosts that refuse unknown USB devices, or that do not have the module at all, are not exposed.

Mitigation Recommendations

The fix predates the CVE identifier, so up-to-date distribution kernels already contain it: confirm that the running kernel (uname -r) is a release carrying the "comedi: vmk80xx: fix transfer-buffer overflows" commit, and update where it is not. Where the driver is not needed, remove the attack surface rather than rely on patching alone: check whether the module is present and loaded (modinfo vmk80xx, lsmod | grep vmk80xx), then stop it from autoloading with a modprobe configuration under /etc/modprobe.d/ containing blacklist vmk80xx together with install vmk80xx /bin/false. On hosts that must keep the driver, restrict which USB devices may attach: USBGuard or equivalent allow-listing by vendor, product and serial, physically disabled or locked unused ports, and endpoint security that logs USB enumeration events. Industrial acquisition and control hosts should in any case sit on segmented networks with controlled physical access, and an inventory of systems running Comedi drivers is needed to know where these controls apply. Kernel hardening such as KASLR raises the cost of turning the memory corruption into privilege escalation but does not remove the bug, so treat it as defence in depth; on test systems, KASAN will surface the out-of-bounds accesses during USB descriptor fuzzing. Monitor for unexplained kernel oopses or panics following USB device insertion, brief staff on the risk of untrusted USB devices, enforce supply chain controls for USB peripherals, and keep backups and incident response plans current for the acquisition systems involved.


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-05-22T06:20:56.200Z
Cisa Enriched
true
Cvss Version
null
State
PUBLISHED

Threat ID: 682d9833c4522896dcbe922c

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 1:28:44 PM

Last updated: 8/13/2025, 12:06:43 PM

