Vulnerability CVE-2021-3612

Vulnerability Name:

CVE-2021-3612 (CCN-205153)

Assigned:

2021-06-20

Published:

2021-06-20

Updated:

2023-01-11

Summary:

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2021-3612

Source: CCN
Type: Red Hat Bugzilla - Bug 1974079
(CVE-2021-3612) - CVE-2021-3612 kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
linux-kernel-cve20213612-priv-esc(205153)

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Exploit, Mailing List, Patch, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Linux Kernel Web site
The Linux Kernel Archives

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:5.8:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8029	P	kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7569	P	libXv-devel-1.0.11-1.23 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8090	P	reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7585	P	libcroco-0.6.13-150400.9.5 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7707	P	libykcs11-1-1.6.2-4.30 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7539	P	kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:751	P	Security update for bluez (Important)	2022-09-12
oval:org.opensuse.security:def:6132	P	Security update for wavpack (Low)	2022-08-05
oval:org.opensuse.security:def:6126	P	Security update for mokutil (Moderate)	2022-08-03
oval:org.opensuse.security:def:3652	P	Security update for git (Important)	2022-07-26
oval:org.opensuse.security:def:3567	P	libXtst6-1.2.2-7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3398	P	wpa_supplicant-2.6-15.10.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3448	P	busybox-1.21.1-3.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3458	P	cpp48-4.8.5-31.20.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3453	P	clamav-0.101.3-1.19 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95197	P	kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95028	P	kernel-docs-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94907	P	gnome-extensions-41.4-150400.1.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95078	P	reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95083	P	kernel-azure-5.14.21-150400.12.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94590	P	kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2960	P	kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94570	P	graphviz-2.48.0-150400.1.165 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95327	P	Security update for webkit2gtk3 (Important)	2022-06-14
oval:org.opensuse.security:def:95323	P	Security update for go1.17 (Important)	2022-06-07
oval:com.redhat.rhsa:def:20221975	P	RHSA-2022:1975: kernel-rt security and bug fix update (Important)	2022-05-10
oval:com.redhat.rhsa:def:20221988	P	RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important)	2022-05-10
oval:org.opensuse.security:def:4570	P	Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP5) (Important)	2022-04-13
oval:org.opensuse.security:def:101620	P	Security update for tar (Moderate) (in QA)	2022-04-12
oval:org.opensuse.security:def:102036	P	Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) (Important)	2022-03-29
oval:org.opensuse.security:def:4498	P	Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP5) (Important)	2021-10-12
oval:org.opensuse.security:def:65659	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:76289	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:102327	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:67221	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:99980	P	(Important)	2021-08-14
oval:org.opensuse.security:def:8389	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:1119	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:6476	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:68347	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:101797	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:73863	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:1733	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:100316	P	(Important)	2021-08-14
oval:org.opensuse.security:def:64741	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:1214	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:101874	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:99403	P	(Important)	2021-08-14
oval:org.opensuse.security:def:1775	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:111664	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:70830	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:67565	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:100645	P	(Important)	2021-08-14
oval:org.opensuse.security:def:10690	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:1256	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:7258	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:101909	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:99666	P	(Important)	2021-08-14
oval:org.opensuse.security:def:102291	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:74727	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:101482	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:1547	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:21838	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:111658	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:76283	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:68674	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:67215	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:4726	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:101283	P	nasm-2.14.02-3.4.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:42108	P	Security update for the Linux Kernel (Important)	2021-08-05
oval:org.opensuse.security:def:68796	P	Security update for the Linux Kernel (Important)	2021-08-03
oval:org.opensuse.security:def:102672	P	Security update for the Linux Kernel (Important)	2021-08-03
oval:org.opensuse.security:def:118429	P	Security update for the Linux Kernel (Important)	2021-08-03
oval:org.opensuse.security:def:109338	P	Security update for the Linux Kernel (Important)	2021-08-03
oval:org.opensuse.security:def:95959	P	Security update for the Linux Kernel (Important)	2021-08-03
oval:org.opensuse.security:def:110982	P	Security update for the Linux Kernel (Important)	2021-07-22
oval:org.opensuse.security:def:102865	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:108957	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:73669	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:95578	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:118627	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:5779	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:64547	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:102406	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:109531	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:96175	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:108286	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:117995	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:102983	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:42104	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:109072	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:95693	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:70789	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:119789	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:67540	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:117464	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:109649	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:75936	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:96311	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:10649	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:7127	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:66868	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:102040	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:74655	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:117800	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:65587	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:108706	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:107949	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:8365	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:6451	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:68216	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:117880	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:20471	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:5079	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:34489	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:75932	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:66864	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:4278	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:60310	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:35260	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:102614	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:108702	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:68658	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:118366	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:4446	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:26092	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:60312	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:109280	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:95901	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:19610	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:5775	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:34487	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:61083	P	Security update for the Linux Kernel (Important)	2021-07-20

BACK