DEBIAN-CVE-2021-47170
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 25 Mar 2024, 10:15
Last modified:28 Apr 2026, 20:23
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
25 Mar 2024, 10:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:23
Last Modified
Vulnerability information updated
Description
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in the kernel; it's merely an invalid request from the user and the usbfs code does handle it correctly. In theory the same thing can happen with async transfers, or with the packet descriptor table for isochronous transfers. To prevent the MM subsystem from complaining about these bad allocation requests, add the __GFP_NOWARN flag to the kmalloc calls for these buffers.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- debian•linux
< 5.10.46-1 | < 5.14.6-1 | < 5.14.6-1 | < 5.14.6-1