Vulnerability identifier: #VU90298

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47404

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the betopff_init() function in drivers/hid/hid-betopff.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
http://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019
http://git.kernel.org/stable/c/6fc4476dda58f6c00097c7ddec3b772513f57525
http://git.kernel.org/stable/c/1c83c38dec83d57bc18d0c01d82c413d3b34ccb9
http://git.kernel.org/stable/c/bb8b72374db69afa25a5b65cf1c092860c6fe914
http://git.kernel.org/stable/c/fe9bb925e7096509711660d39c0493a1546e9550
http://git.kernel.org/stable/c/dedfc35a2de2bae9fa3da8210a05bfd515f83fee
http://git.kernel.org/stable/c/708107b80aa616976d1c5fa60ac0c1390749db5e
http://git.kernel.org/stable/c/1e4ce418b1cb1a810256b5fb3fd33d22d1325993

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.