Unrated severityNVD Advisory· Published Feb 26, 2024· Updated Jan 2, 2026

HID: usbhid: fix info leak in hid_submit_ctrl

CVE-2021-46906

Description

In the Linux kernel, the following vulnerability has been resolved:

In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes.

To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl().

Affected products

osv-coords89 versions
pkg:rpm/suse/kernel-64kb&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/kernel-docs&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_46&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2 pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_42&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/kernel-preempt&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_54&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 5.3.18-150300.59.153.2+ 88 more
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-16.173.1
- (no CPE)range: < 4.12.14-16.173.1
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150200.24.183.1.150200.9.93.2
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150200.24.183.1.150200.9.93.2
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150200.24.183.1.150200.9.93.2
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.201.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.201.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.201.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.201.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.201.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.201.1
- (no CPE)range: < 1-150200.5.3.2
- (no CPE)range: < 1-150300.7.3.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.201.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-10.171.1
- (no CPE)range: < 5.3.18-150300.161.1
- (no CPE)range: < 5.3.18-150300.161.1
- (no CPE)range: < 4.12.14-10.171.1
- (no CPE)range: < 4.12.14-16.173.1
- (no CPE)range: < 4.12.14-16.173.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.201.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.201.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150300.161.1
- (no CPE)range: < 5.3.18-150300.161.1
- (no CPE)range: < 4.12.14-10.171.1
- (no CPE)range: < 4.12.14-16.173.1
- (no CPE)range: < 4.12.14-16.173.1
- (no CPE)range: < 5.3.18-150300.59.153.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.1
- (no CPE)range: < 4.12.14-122.201.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.1
- (no CPE)range: < 4.12.14-122.201.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.1
- (no CPE)range: < 4.12.14-10.171.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 1-8.7.1
Linux/Linuxcpe-rescue
Range: 2.6.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000