Vulnerability Description
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS Score
7.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.9.0 |
| Redhat | Enterprise Linux | 7.0 |
| Fedoraproject | Fedora | 34 |
| Debian | Debian Linux | 9.0 |
| Oracle | Communications Cloud Native Core Binding Support Function | 22.1.3 |
| Oracle | Communications Cloud Native Core Network Exposure Function | 22.1.1 |
| Oracle | Communications Cloud Native Core Policy | 22.2.0 |
| Netapp | Cloud Backup | - |
| Netapp | Solidfire Baseboard Management Controller Firmware | - |
| Netapp | Solidfire Baseboard Management Controller | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H300E Firmware | - |
| Netapp | H300E | - |
| Netapp | H500E Firmware | - |
| Netapp | H500E | - |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1974079 (Issue Tracking, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html (Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html (Mailing List, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82%40gmail.
- https://security.netapp.com/advisory/ntap-20210805-0005/ (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujul2022.html (Patch, Third Party Advisory)
FAQ
What is CVE-2021-3612?
CVE-2021-3612 is a vulnerability with a CVSS score of 7.8 (HIGH). An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to...
How severe is CVE-2021-3612?
CVE-2021-3612 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3612?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Fedoraproject Fedora, Debian Debian Linux, Oracle Communications Cloud Native Core Binding Support Function.