CVE-2021-47120 in Linuxinfo

Summary

by MITRE • 03/15/2024

In the Linux kernel, the following vulnerability has been resolved:

HID: magicmouse: fix NULL-deref on disconnect

Commit 9d7b18668956 ("HID: magicmouse: add support for Apple Magic Trackpad 2") added a sanity check for an Apple trackpad but returned success instead of -ENODEV when the check failed. This means that the remove callback will dereference the never-initialised driver data pointer when the driver is later unbound (e.g. on USB disconnect).

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 06/21/2025

The vulnerability CVE-2021-47120 represents a critical null pointer dereference issue within the Linux kernel's HID (Human Interface Device) subsystem, specifically affecting the magicmouse driver implementation. This flaw manifests in the handling of Apple Magic Trackpad 2 devices where the driver fails to properly initialize critical data structures during the device binding process. The root cause stems from a code change introduced in commit 9d7b18668956 which implemented a sanity check for Apple trackpad devices but incorrectly returned a success status instead of the appropriate -ENODEV error code when validation failed. This seemingly minor deviation in error handling creates a dangerous condition where the driver continues to operate with uninitialized memory pointers, setting the stage for a subsequent crash when the device is disconnected or unbound from the system.

The technical execution of this vulnerability occurs during the device removal sequence when the kernel attempts to clean up resources associated with the improperly initialized trackpad device. When a USB disconnect event occurs, the remove callback function attempts to dereference a driver data pointer that was never properly initialized due to the flawed sanity check logic. This null pointer dereference results in an immediate system crash or kernel panic, effectively causing a denial of service condition that can disrupt user interaction with the device and potentially impact system stability. The vulnerability specifically affects systems running Linux kernels that include the problematic commit, making it a widespread concern across various distributions and hardware configurations that utilize Apple Magic Trackpad 2 devices.

From an operational perspective, this vulnerability presents significant security implications as it can be exploited to cause system instability and denial of service attacks. An attacker could potentially trigger this condition through device enumeration or disconnection sequences, leading to system crashes that might be difficult to distinguish from hardware failures. The vulnerability aligns with CWE-476 which describes NULL pointer dereference conditions, and represents a classic example of improper error handling in kernel space code. The attack surface is primarily limited to systems with Apple Magic Trackpad 2 devices connected via USB, but the impact extends beyond individual device functionality to potentially affect overall system reliability and user experience.

Mitigation strategies for CVE-2021-47120 focus on applying the appropriate kernel patches that correct the error handling logic in the magicmouse driver. The fix involves modifying the sanity check implementation to properly return -ENODEV when validation fails, ensuring that the driver data structure remains in a consistent initialized state throughout the device lifecycle. System administrators should prioritize updating to kernel versions that include the corrected commit 9d7b18668956 or applying the specific patch that addresses this null pointer dereference issue. Additionally, monitoring systems should be configured to detect kernel panic events that might indicate exploitation attempts, and security teams should consider implementing device access controls to limit exposure where possible. Organizations using embedded systems or critical infrastructure should conduct thorough testing of kernel updates to ensure compatibility and stability before deployment, as kernel modifications can have cascading effects on system functionality and performance.

Sources

Want to know what is going to be exploited?

We predict KEV entries!