CVE-2021-3612

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1974079	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/
https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82%40gmail.com/
https://security.netapp.com/advisory/ntap-20210805-0005/	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::*

Configuration 6 (hide)

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:38

Type	Values Removed	Values Added
References	{'url': 'https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/', 'name': 'https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/', 'tags': ['Exploit', 'Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MISC'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/', 'name': 'FEDORA-2021-a95108d156', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82%40gmail.com/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/ -

11 Jan 2023, 17:10

Type	Values Removed	Values Added
First Time		Netapp h500e Netapp h700s Netapp cloud Backup Netapp h410s Netapp h700e Firmware Netapp h300s Netapp h410s Firmware Netapp solidfire Baseboard Management Controller Firmware Netapp h410c Firmware Netapp Netapp h300s Firmware Netapp h500e Firmware Oracle communications Cloud Native Core Binding Support Function Netapp h500s Oracle communications Cloud Native Core Policy Netapp solidfire Baseboard Management Controller Netapp h300e Firmware Oracle communications Cloud Native Core Network Exposure Function Netapp h300e Netapp h700e Netapp h700s Firmware Oracle Netapp h500s Firmware Netapp h410c
References	~~(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -~~	(N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
CPE	cpe:2.3:o:linux:linux_kernel:5.9.0:-::::::	cpe:2.3:o:netapp:h500e_firmware:-:::::::* cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:::::::* cpe:2.3:o:netapp:h700e_firmware:-:::::::* cpe:2.3:a:netapp:cloud_backup:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:h:netapp:h500e:-:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::* cpe:2.3:h:netapp:h700e:-:::::::* cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:o:netapp:h300e_firmware:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:h:netapp:h300e:-:::::::*

25 Jul 2022, 18:16

Type	Values Removed	Values Added
References		(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

05 Apr 2022, 21:09

Type	Values Removed	Values Added
CWE	CWE-119 CWE-20	CWE-787
CPE		cpe:2.3:o:debian:debian_linux:9.0:::::::*
First Time		Debian Debian debian Linux
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html - Mailing List, Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html - Mailing List, Third Party Advisory

17 Dec 2021, 01:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html -

16 Oct 2021, 01:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html -

20 Sep 2021, 17:01

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20210805-0005/ - Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/ - Mailing List, Third Party Advisory

05 Aug 2021, 12:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/ -
CWE		CWE-20

13 Jul 2021, 18:30

Type	Values Removed	Values Added
CWE		CWE-119
CPE		cpe:2.3:o:fedoraproject:fedora:34:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:linux:linux_kernel:5.9.0:-::::::
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1974079 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1974079 - Issue Tracking, Third Party Advisory
References	~~(MISC) https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/ -~~	(MISC) https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/ - Exploit, Mailing List, Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.8

09 Jul 2021, 11:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-07-09 11:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-3612

Mitre link : CVE-2021-3612

CVE.ORG link : CVE-2021-3612

JSON object : View

Products Affected

netapp

h700s_firmware
h700e
h700e_firmware
h700s
h300s_firmware
cloud_backup
solidfire_baseboard_management_controller_firmware
h300s
h300e
h500e_firmware
h410c_firmware
h500s
h410c
h410s
h410s_firmware
h500s_firmware
h300e_firmware
h500e
solidfire_baseboard_management_controller

debian

debian_linux

linux

linux_kernel

oracle

communications_cloud_native_core_policy
communications_cloud_native_core_binding_support_function
communications_cloud_native_core_network_exposure_function

fedoraproject

fedora

redhat

enterprise_linux

CWE

CWE-787

Out-of-bounds Write

CWE-20

Improper Input Validation

7.8 /10