#VU91330 Information disclosure in Linux kernel - CVE-2021-47477

Vulnerability identifier: #VU91330

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47477

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the dt9812_read_info(), dt9812_read_multiple_registers(), dt9812_write_multiple_registers() and dt9812_rmw_multiple_registers() functions in drivers/staging/comedi/drivers/dt9812.c. A local user can gain access to sensitive information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723
https://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2
https://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97
https://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3
https://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efe
https://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6
https://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12ed
https://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e
https://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.