An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1974079 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/ | |
https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82%40gmail.com/ | |
https://security.netapp.com/advisory/ntap-20210805-0005/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
History
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
11 Jan 2023, 17:10
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp h500e
Netapp h700s Netapp cloud Backup Netapp h410s Netapp h700e Firmware Netapp h300s Netapp h410s Firmware Netapp solidfire Baseboard Management Controller Firmware Netapp h410c Firmware Netapp Netapp h300s Firmware Netapp h500e Firmware Oracle communications Cloud Native Core Binding Support Function Netapp h500s Oracle communications Cloud Native Core Policy Netapp solidfire Baseboard Management Controller Netapp h300e Firmware Oracle communications Cloud Native Core Network Exposure Function Netapp h300e Netapp h700e Netapp h700s Firmware Oracle Netapp h500s Firmware Netapp h410c |
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* |
25 Jul 2022, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Apr 2022, 21:09
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 |
CWE-787 |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
First Time |
Debian
Debian debian Linux |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html - Mailing List, Third Party Advisory |
17 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Oct 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2021, 17:01
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/ - Mailing List, Third Party Advisory |
05 Aug 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-20 |
13 Jul 2021, 18:30
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-119 | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.9.0:-:*:*:*:*:*:* |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1974079 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/ - Exploit, Mailing List, Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
09 Jul 2021, 11:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-09 11:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-3612
Mitre link : CVE-2021-3612
CVE.ORG link : CVE-2021-3612
JSON object : View
Products Affected
netapp
- h700s_firmware
- h700e
- h700e_firmware
- h700s
- h300s_firmware
- cloud_backup
- solidfire_baseboard_management_controller_firmware
- h300s
- h300e
- h500e_firmware
- h410c_firmware
- h500s
- h410c
- h410s
- h410s_firmware
- h500s_firmware
- h300e_firmware
- h500e
- solidfire_baseboard_management_controller
debian
- debian_linux
linux
- linux_kernel
oracle
- communications_cloud_native_core_policy
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_network_exposure_function
fedoraproject
- fedora
redhat
- enterprise_linux