SB2024060846 - Information disclosure in Linux kernel comedi drivers driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2021-47477)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the dt9812_read_info(), dt9812_read_multiple_registers(), dt9812_write_multiple_registers() and dt9812_rmw_multiple_registers() functions in drivers/staging/comedi/drivers/dt9812.c. A local user can gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723
• https://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2
• https://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97
• https://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3
• https://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efe
• https://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6
• https://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12ed
• https://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e
• https://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.255
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.292
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.290
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.79
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.159