CVE-2021-46906
Published: Feb 26, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes. To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < c5d3c142f2d57d40c55e65d5622d319125a45366affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 41b1e71a2c57366b08dcca1a28b0d45ca69429ceaffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 8c064eece9a51856f3f275104520c7e3017fc5c0affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 0e280502be1b003c3483ae03fc60dea554fcfa82affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1+3 more versions |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 4.4.274 - <= 4.4.*unaffected 4.9.274 - <= 4.9.*unaffected 4.14.238 - <= 4.14.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now