5.5
MEDIUM
CVE-2021-47269
Qualcomm dwc3 USB Vulnerability Null Pointer Dereference
Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3_wIndex_to_dep() and we might be referring a non-existing ep and trigger a NULL pointer exception. In certain configurations we might use fewer eps and the index might wrongly indicate a larger ep index than existing. By adding this validation from the patch we can actually report a wrong index back to the caller. In our usecase we are using a composite device on an older kernel, but upstream might use this fix also. Unfortunately, I cannot describe the hardware for others to reproduce the issue as it is a proprietary implementation. [ 82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4 [ 82.966891] Mem abort info: [ 82.969663] ESR = 0x96000006 [ 82.972703] Exception class = DABT (current EL), IL = 32 bits [ 82.978603] SET = 0, FnV = 0 [ 82.981642] EA = 0, S1PTW = 0 [ 82.984765] Data abort info: [ 82.987631] ISV = 0, ISS = 0x00000006 [ 82.991449] CM = 0, WnR = 0 [ 82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc [ 83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000 [ 83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP [ 83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c) [ 83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1 [ 83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO) [ 83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c [ 83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94 ... [ 83.141788] Call trace: [ 83.144227] dwc3_ep0_handle_feature+0x414/0x43c [ 83.148823] dwc3_ep0_interrupt+0x3b4/0xc94 [ 83.181546] ---[ end trace aac6b5267d84c32f ]---

INFO

Published Date :

May 21, 2024, 3:15 p.m.

Last Modified :

Dec. 24, 2024, 4:33 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2021-47269 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-47269.

URL Resource
https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4 Patch
https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a Patch
https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749 Patch
https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19 Patch
https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528 Patch
https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16 Patch
https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc Patch
https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a Patch
https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4 Patch
https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a Patch
https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749 Patch
https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19 Patch
https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528 Patch
https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16 Patch
https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc Patch
https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-47269 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-47269 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Dec. 24, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NIST CWE-476
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 4.4.273 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.5 up to (excluding) 4.9.273 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.237 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.195 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.126 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.44 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.12.11 *cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*
    Changed Reference Type https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4 No Types Assigned https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4 Patch
    Changed Reference Type https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4 No Types Assigned https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4 Patch
    Changed Reference Type https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a No Types Assigned https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a Patch
    Changed Reference Type https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a No Types Assigned https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a Patch
    Changed Reference Type https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749 No Types Assigned https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749 Patch
    Changed Reference Type https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749 No Types Assigned https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749 Patch
    Changed Reference Type https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19 No Types Assigned https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19 Patch
    Changed Reference Type https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19 No Types Assigned https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19 Patch
    Changed Reference Type https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528 No Types Assigned https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528 Patch
    Changed Reference Type https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528 No Types Assigned https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528 Patch
    Changed Reference Type https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16 No Types Assigned https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16 Patch
    Changed Reference Type https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16 No Types Assigned https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16 Patch
    Changed Reference Type https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc No Types Assigned https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc Patch
    Changed Reference Type https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc No Types Assigned https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc Patch
    Changed Reference Type https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a No Types Assigned https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a Patch
    Changed Reference Type https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a No Types Assigned https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a Patch
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4
    Added Reference https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a
    Added Reference https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749
    Added Reference https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19
    Added Reference https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528
    Added Reference https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16
    Added Reference https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc
    Added Reference https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 28, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 21, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3_wIndex_to_dep() and we might be referring a non-existing ep and trigger a NULL pointer exception. In certain configurations we might use fewer eps and the index might wrongly indicate a larger ep index than existing. By adding this validation from the patch we can actually report a wrong index back to the caller. In our usecase we are using a composite device on an older kernel, but upstream might use this fix also. Unfortunately, I cannot describe the hardware for others to reproduce the issue as it is a proprietary implementation. [ 82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4 [ 82.966891] Mem abort info: [ 82.969663] ESR = 0x96000006 [ 82.972703] Exception class = DABT (current EL), IL = 32 bits [ 82.978603] SET = 0, FnV = 0 [ 82.981642] EA = 0, S1PTW = 0 [ 82.984765] Data abort info: [ 82.987631] ISV = 0, ISS = 0x00000006 [ 82.991449] CM = 0, WnR = 0 [ 82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc [ 83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000 [ 83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP [ 83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c) [ 83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1 [ 83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO) [ 83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c [ 83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94 ... [ 83.141788] Call trace: [ 83.144227] dwc3_ep0_handle_feature+0x414/0x43c [ 83.148823] dwc3_ep0_interrupt+0x3b4/0xc94 [ 83.181546] ---[ end trace aac6b5267d84c32f ]---
    Added Reference kernel.org https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-47269 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-47269 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: Jul. 14, 2025 8:08