CVE-2021-42205
low-risk
Published 2022-11-07
ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.
Do I need to act?
-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10
Medium
LOCAL
/ HIGH complexity
Affected Products (1)
Elan Miniport Touchpad Driver
Affected Vendors
References (2)
Third Party Advisory
https://www.emc.com.tw/upload/F2E/Vulnerability%20Report/Vulnerability%20Report_...
Third Party Advisory
https://www.emc.com.tw/upload/F2E/Vulnerability%20Report/Vulnerability%20Report_...
18
/ 100
low-risk
Severity
12/34 · Low
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal