Description

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Related CPE's

o

linux

linux_kernel

Vulnerable

o

redhat

enterprise_linux

2

o

fedoraproject

fedora

34

Vulnerable

o

debian

debian_linux

9.0

Vulnerable

a

oracle

communications_cloud_native_core_binding_support_function

22.1.3

Vulnerable

a

oracle

communications_cloud_native_core_network_exposure_function

22.1.1

Vulnerable

a

oracle

communications_cloud_native_core_policy

22.2.0

Vulnerable

a

netapp

cloud_backup

-

Vulnerable

h

netapp

solidfire_baseboard_management_controller

-

o

netapp

solidfire_baseboard_management_controller_firmware

-

Vulnerable

h

netapp

h300s

-

o

netapp

h300s_firmware

-

Vulnerable

h

netapp

h500s

-

o

netapp

h500s_firmware

-

Vulnerable

h

netapp

h700s

-

o

netapp

h700s_firmware

-

Vulnerable

h

netapp

h300e

-

o

netapp

h300e_firmware

-

Vulnerable

h

netapp

h500e

-

o

netapp

h500e_firmware

-

Vulnerable

h

netapp

h700e

-

o

netapp

h700e_firmware

-

Vulnerable

o

netapp

h410s_firmware

-

Vulnerable

h

netapp

h410s

-

o

netapp

h410c_firmware

-

Vulnerable

h

netapp

h410c

-

References

https://bugzilla.redhat.com/show_bug.cgi?id=1974079

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/

https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82%40gmail.com/

https://security.netapp.com/advisory/ntap-20210805-0005/

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

PatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-787

[email protected]

Secondary
CWE-20

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-07-09T11:15:09.457

3 years ago

Last modified

2023-11-07T03:38:09.580

1 year ago