CVE-2021-42205

MEDIUM

ELAN Miniport <24.21.51.2 - Use After Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-42205. PoCs published by gmh5225.

AI-analyzed exploit summary This repository provides a writeup for CVE-2021-42205, a local denial-of-service (DoS) vulnerability in the ELAN Miniport touchpad Windows driver. The vulnerability allows local users to crash the system by sending a specific IOCTL request, which is mishandled due to double processing.

Description

ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.

Exploits (1)

nomisec WRITEUP

by gmh5225 · poc

https://github.com/gmh5225/CVE-2021-42205

View Code ZIP pw:eip

This repository provides a writeup for CVE-2021-42205, a local denial-of-service (DoS) vulnerability in the ELAN Miniport touchpad Windows driver. The vulnerability allows local users to crash the system by sending a specific IOCTL request, which is mishandled due to double processing.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: ELAN Miniport touchpad Windows driver before 24.21.51.2

No auth needed

Prerequisites: Local access to the system

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory

https://www.emc.com.tw/upload/F2E/Vulnerability%20Report/Vulnerability%20Report_Miniport%20touchpad%20Windows%20driver_20221107.pdf

Scores

CVSS v3 4.7

EPSS 0.0026

EPSS Percentile 16.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-703

Status published

Products (1)

lenovo/elan_miniport_touchpad_driver < 24.21.51.2

Published Nov 07, 2022

Tracked Since Feb 18, 2026