CVE-2021-47270

usb: fix various gadgets null ptr deref on 10gbps cabling.

Description

In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadgets null ptr deref on 10gbps cabling. This avoids a null pointer dereference in f_{ecm,eem,hid,loopback,printer,rndis,serial,sourcesink,subset,tcm} by simply reusing the 5gbps config for 10gbps.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/beb1e67a5ca8d69703c776db9000527f44c0c93c patch
https://git.kernel.org/stable/c/8cd5f45c1b769e3e9e0f4325dd08b6c3749dc7ee patch
https://git.kernel.org/stable/c/10770d2ac0094b053c8897d96d7b2737cd72f7c5 patch
https://git.kernel.org/stable/c/b4903f7fdc484628d0b8022daf86e2439d3ab4db patch
https://git.kernel.org/stable/c/4b289a0f3033f465b4fd51ba995251a7867a2aa2 patch
https://git.kernel.org/stable/c/f17aae7c4009160f0630a91842a281773976a5bc patch
https://git.kernel.org/stable/c/90c4d05780d47e14a50e11a7f17373104cd47d25 patch

Frequently Asked Questions

What is the severity of CVE-2021-47270?
CVE-2021-47270 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47270?
To fix CVE-2021-47270, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47270 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47270 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47270?
CVE-2021-47270 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.