An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1974079 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/ | |
https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82%40gmail.com/ | |
https://security.netapp.com/advisory/ntap-20210805-0005/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
History
25 Jul 2022, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Apr 2022, 21:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html - Mailing List, Third Party Advisory | |
CWE | CWE-20 |
CWE-787 |
17 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Oct 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2021, 17:01
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/ - Mailing List, Third Party Advisory |
05 Aug 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
References |
|
13 Jul 2021, 18:30
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-119 | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.9.0:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1974079 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/ - Exploit, Mailing List, Patch, Vendor Advisory |
09 Jul 2021, 11:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-09 11:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-3612
Mitre link : CVE-2021-3612
CVE.ORG link : CVE-2021-3612
JSON object : View
Products Affected
oracle
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_network_exposure_function
- communications_cloud_native_core_policy
netapp
- h410s
- h410c
- solidfire_baseboard_management_controller_firmware
- solidfire_baseboard_management_controller
- h410c_firmware
- h300s
- h300e
- h500s
- h410s_firmware
- h500s_firmware
- h500e_firmware
- cloud_backup
- h700s
- h700e_firmware
- h700e
- h700s_firmware
- h500e
- h300e_firmware
- h300s_firmware
fedoraproject
- fedora
debian
- debian_linux
linux
- linux_kernel
redhat
- enterprise_linux