CVE

CVE-2021-46906

Severity:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2024
Last modified:
26/02/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> HID: usbhid: fix info leak in hid_submit_ctrl<br /> <br /> In hid_submit_ctrl(), the way of calculating the report length doesn&amp;#39;t<br /> take into account that report-&gt;size can be zero. When running the<br /> syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to<br /> calculate transfer_buffer_length as 16384. When this urb is passed to<br /> the usb core layer, KMSAN reports an info leak of 16384 bytes.<br /> <br /> To fix this, first modify hid_report_len() to account for the zero<br /> report size case by using DIV_ROUND_UP for the division. Then, call it<br /> from hid_submit_ctrl().