Information disclosure in Linux kernel comedi drivers driver

1) Information disclosure

EUVDB-ID: #VU91330

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47477

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the dt9812_read_info(), dt9812_read_multiple_registers(), dt9812_write_multiple_registers() and dt9812_rmw_multiple_registers() functions in drivers/staging/comedi/drivers/dt9812.c. A local user can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

External links

http://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723
http://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2
http://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97
http://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3
http://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efe
http://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6
http://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12ed
http://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e
http://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.