CVE-2021-47120

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Mar 15, 2024
Updated: Jan 7, 2025
CWE ID 476

Summary

CVE-2021-47120 is a Linux kernel vulnerability affecting the HID ( Human Interface Device) driver for magicmouse. A commit added support for Apple Magic Trackpad 2, but failed to properly check for its presence, returning success instead of the expected error when the check failed. Consequently, when the driver is unbound, as during USB disconnect, the remove callback dereferences an uninitialized driver data pointer, resulting in a NULL dereference. This vulnerability could potentially lead to system instability or even allow an attacker to execute arbitrary code. Users are advised to update their Linux kernel to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share