Vulnerability Name:

CVE-2021-33655 (CCN-231424)

Assigned:2021-05-28
Published:2022-07-08
Updated:2022-10-29
Summary:When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.
CVSS v3 Severity:6.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.4 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-787
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-33655

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20220719 CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1)

Source: XF
Type: UNKNOWN
linux-kernel-cve202133655-code-exec(231424)

Source: CCN
Type: Linux Kernel GIT Repository
Merge tag for-5.19/fbdev-3 of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev

Source: MISC
Type: Mailing List, Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update

Source: DEBIAN
Type: Third Party Advisory
DSA-5191

Source: CCN
Type: IBM Security Bulletin 7007837 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOPs

Source: CCN
Type: IBM Security Bulletin 7011323 (Spectrum Copy Data Management)
Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version < 5.19)
  • OR cpe:/o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:spectrum_copy_data_management:2.2.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8029
    P
    kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:8090
    P
    reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7539
    P
    kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:4739
    P
    Security update for the Linux Kernel (Important)
    2022-08-26
    oval:org.opensuse.security:def:707
    P
    Security update for the Linux Kernel (Important)
    2022-08-23
    oval:org.opensuse.security:def:697
    P
    Security update for the Linux Kernel (Important)
    2022-08-16
    oval:org.opensuse.security:def:125119
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:118235
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:127340
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:119287
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:125388
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:118655
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:119468
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:125778
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:118792
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:119653
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:126942
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:118982
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:692
    P
    Security update for the Linux Kernel (Important)
    2022-08-12
    oval:org.opensuse.security:def:4302
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:6135
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:4665
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:687
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:6136
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:6350
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:5322
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    BACK
    linux linux kernel 5.19 rc1
    linux linux kernel *
    linux linux kernel 5.19 rc2
    linux linux kernel 5.19 rc3
    linux linux kernel 5.19 rc4
    linux linux kernel 5.19 rc5
    debian debian linux 10.0
    debian debian linux 11.0
    linux linux kernel -
    ibm spectrum copy data management 2.2.0.0