Out-of-bounds read in Linux kernel hid driver



Published: 2024-05-31
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-47404
CWE-ID CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU90298

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47404

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the betopff_init() function in drivers/hid/hid-betopff.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019
http://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525
http://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9
http://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914
http://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550
http://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee
http://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e
http://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d1325993


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###