CVE-2021-42205

EUVD-2021-29187
ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
lenovoelan_miniport_touchpad_driver
𝑥
< 24.21.51.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.emc.com.tw/upload/F2E/Vulnerability%20Report/Vulnerability%20Report_Miniport%20touchpad%20Windows%20driver_20221107.pdf
https://www.emc.com.tw/upload/F2E/Vulnerability%20Report/Vulnerability%20Report_Miniport%20touchpad%20Windows%20driver_20221107.pdf