CVE-2021-47120
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
15/03/2024
Last modified:
07/01/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
HID: magicmouse: fix NULL-deref on disconnect<br />
<br />
Commit 9d7b18668956 ("HID: magicmouse: add support for Apple Magic<br />
Trackpad 2") added a sanity check for an Apple trackpad but returned<br />
success instead of -ENODEV when the check failed. This means that the<br />
remove callback will dereference the never-initialised driver data<br />
pointer when the driver is later unbound (e.g. on USB disconnect).
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.125 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.43 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.12.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/368c5d45a87e1bcc7f1e98e0c255c37b7b12c5d6
- https://git.kernel.org/stable/c/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497
- https://git.kernel.org/stable/c/9cf27473f21913a3eaf4702dd2a25415afd5f33f
- https://git.kernel.org/stable/c/b5d013c4c76b276890135b5d32803c4c63924b77
- https://git.kernel.org/stable/c/368c5d45a87e1bcc7f1e98e0c255c37b7b12c5d6
- https://git.kernel.org/stable/c/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497
- https://git.kernel.org/stable/c/9cf27473f21913a3eaf4702dd2a25415afd5f33f
- https://git.kernel.org/stable/c/b5d013c4c76b276890135b5d32803c4c63924b77