CVE-2021-47331

In the Linux kernel, the following vulnerability has been resolved: usb: common: usb-conn-gpio: fix NULL pointer dereference of charger When power on system with OTG cable, IDDIG's interrupt arises before the charger registration, it will cause a NULL pointer dereference, fix the issue by registering the power supply before requesting IDDIG/VBUS irq.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1a133a0996d6b4c83509d570ed4edcba34c44f25	Patch
https://git.kernel.org/stable/c/436906fd248e018403bcda61a9311d9af02912f1	Patch
https://git.kernel.org/stable/c/880287910b1892ed2cb38977893b947382a09d21	Patch
https://git.kernel.org/stable/c/8e8d910e9a3a7fba86140aff4924c30955ab228b	Patch
https://git.kernel.org/stable/c/1a133a0996d6b4c83509d570ed4edcba34c44f25	Patch
https://git.kernel.org/stable/c/436906fd248e018403bcda61a9311d9af02912f1	Patch
https://git.kernel.org/stable/c/880287910b1892ed2cb38977893b947382a09d21	Patch
https://git.kernel.org/stable/c/8e8d910e9a3a7fba86140aff4924c30955ab228b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-05-21 15:15

Updated : 2024-12-24 16:16

NVD link : CVE-2021-47331

Mitre link : CVE-2021-47331

CVE.ORG link : CVE-2021-47331

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2021-47331", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T15:15:20.067", "references": [{"url": "https://git.kernel.org/stable/c/1a133a0996d6b4c83509d570ed4edcba34c44f25", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/436906fd248e018403bcda61a9311d9af02912f1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/880287910b1892ed2cb38977893b947382a09d21", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8e8d910e9a3a7fba86140aff4924c30955ab228b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1a133a0996d6b4c83509d570ed4edcba34c44f25", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/436906fd248e018403bcda61a9311d9af02912f1", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/880287910b1892ed2cb38977893b947382a09d21", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/8e8d910e9a3a7fba86140aff4924c30955ab228b", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: common: usb-conn-gpio: fix NULL pointer dereference of charger\n\nWhen power on system with OTG cable, IDDIG's interrupt arises before\nthe charger registration, it will cause a NULL pointer dereference,\nfix the issue by registering the power supply before requesting\nIDDIG/VBUS irq."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: com\u00fan: usb-conn-gpio: corrige la desreferencia del puntero NULL del cargador. Cuando se enciende el sistema con un cable OTG, la interrupci\u00f3n de IDDIG surge antes del registro del cargador, lo que provocar\u00e1 un puntero NULL desreferencia, solucione el problema registrando la fuente de alimentaci\u00f3n antes de solicitar IDDIG/VBUS irq."}], "lastModified": "2024-12-24T16:16:33.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ECB10DC-0FFD-4B95-9B7E-131C450448A5", "versionEndExcluding": "5.10.52"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34C1A2F4-DD44-4CF1-8FD4-751A0D746A9E", "versionEndExcluding": "5.12.19", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F93FA3CC-0C79-410B-A7D7-245C2AA0723A", "versionEndExcluding": "5.13.4", "versionStartIncluding": "5.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}