{"id":"CVE-2021-47269","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: ep0: fix NULL pointer exception\n\nThere is no validation of the index from dwc3_wIndex_to_dep() and we might\nbe referring a non-existing ep and trigger a NULL pointer exception. In\ncertain configurations we might use fewer eps and the index might wrongly\nindicate a larger ep index than existing.\n\nBy adding this validation from the patch we can actually report a wrong\nindex back to the caller.\n\nIn our usecase we are using a composite device on an older kernel, but\nupstream might use this fix also. Unfortunately, I cannot describe the\nhardware for others to reproduce the issue as it is a proprietary\nimplementation.\n\n[   82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4\n[   82.966891] Mem abort info:\n[   82.969663]   ESR = 0x96000006\n[   82.972703]   Exception class = DABT (current EL), IL = 32 bits\n[   82.978603]   SET = 0, FnV = 0\n[   82.981642]   EA = 0, S1PTW = 0\n[   82.984765] Data abort info:\n[   82.987631]   ISV = 0, ISS = 0x00000006\n[   82.991449]   CM = 0, WnR = 0\n[   82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc\n[   83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000\n[   83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP\n[   83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c)\n[   83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1\n[   83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO)\n[   83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c\n[   83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94\n\n...\n\n[   83.141788] Call trace:\n[   83.144227]  dwc3_ep0_handle_feature+0x414/0x43c\n[   83.148823]  dwc3_ep0_interrupt+0x3b4/0xc94\n[   83.181546] ---[ end trace aac6b5267d84c32f ]---","modified":"2026-03-13T05:20:39.721585Z","published":"2024-05-21T15:15:15.470Z","related":["SUSE-SU-2024:1979-1","SUSE-SU-2024:1983-1","SUSE-SU-2024:2010-1","SUSE-SU-2024:2183-1","SUSE-SU-2024:2184-1","SUSE-SU-2024:2185-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4"},{"type":"FIX","url":"https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a"},{"type":"FIX","url":"https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749"},{"type":"FIX","url":"https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19"},{"type":"FIX","url":"https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528"},{"type":"FIX","url":"https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16"},{"type":"FIX","url":"https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc"},{"type":"FIX","url":"https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.273"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.9.273"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.237"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.195"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.126"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.44"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.12.11"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc5"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47269.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}