Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-47477 |
CWE-ID | CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU91330
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47477
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the dt9812_read_info(), dt9812_read_multiple_registers(), dt9812_write_multiple_registers() and dt9812_rmw_multiple_registers() functions in drivers/staging/comedi/drivers/dt9812.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3http://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723
http://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2
http://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97
http://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3
http://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efe
http://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6
http://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12ed
http://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e
http://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.