#VU90298 Out-of-bounds read in Linux kernel - CVE-2021-47404

Vulnerability identifier: #VU90298

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47404

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the betopff_init() function in drivers/hid/hid-betopff.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019
https://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525
https://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9
https://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914
https://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550
https://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee
https://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e
https://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d1325993

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.