CVE-2021-47170

Advisory lineage Upstream: 0 Downstream: 6

Downstream

DEBIAN-CVE-2021-47170 SUSE-SU-2024:1454-1 SUSE-SU-2024:1465-1 SUSE-SU-2024:1489-1 SUSE-SU-2025:01983-1 UBUNTU-CVE-2021-47170

Analyzed

Published: 25 Mar 2024, 09:16

Last modified:11 May 2026, 13:49

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Mar 2024, 09:16

Published

Vulnerability first disclosed

11 May 2026, 13:49

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in the kernel; it's merely an invalid request from the user and the usbfs code does handle it correctly. In theory the same thing can happen with async transfers, or with the packet descriptor table for isochronous transfers. To prevent the MM subsystem from complaining about these bad allocation requests, add the __GFP_NOWARN flag to the kmalloc calls for these buffers.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 5%

Techniques & Countermeasures

CWE-770•Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Affected Systems

linux•linux
≥ add1aaeabe6b08ed26381a2a06e505b2f09c3ba5, < 2ab21d6e1411999b5fb43434f421f00bf50002eb | ≥ add1aaeabe6b08ed26381a2a06e505b2f09c3ba5, < 2c835fede13e03f2743a333e4370b5ed2db91e83 | ≥ add1aaeabe6b08ed26381a2a06e505b2f09c3ba5, < 8d83f109e920d2776991fa142bb904d985dca2ed | ≥ add1aaeabe6b08ed26381a2a06e505b2f09c3ba5, < 9f7cb3f01a10d9064cf13b3d26fb7e7a5827d098 | ≥ add1aaeabe6b08ed26381a2a06e505b2f09c3ba5, < 4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de | 3.3
linux•linux_kernel
< 4.19.193 | ≥ 4.20, < 5.4.124 | ≥ 5.5, < 5.10.42 | ≥ 5.11, < 5.12.9 | 5.13:rc1 | 5.13:rc2 | 5.13:rc3