CVE-2021-33655

Summary

CVE	CVE-2021-33655
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-18 15:15:00 UTC
Updated	2022-10-29 02:52:00 UTC
Description	When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	5.19	rc1	All	All
Operating System	Linux	Linux Kernel	5.19	rc2	All	All
Operating System	Linux	Linux Kernel	5.19	rc3	All	All
Operating System	Linux	Linux Kernel	5.19	rc4	All	All
Operating System	Linux	Linux Kernel	5.19	rc5	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 3131-1] linux security update	MLIST	lists.debian.org
oss-security - CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1)	MLIST	www.openwall.com
Debian -- Security Information -- DSA-5191-1 linux	DEBIAN	www.debian.org
kernel/git/torvalds/linux.git - Linux kernel source tree	MISC	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160076 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9761)
160583 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-2458)
160692 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-2951)
180900 Debian Security Update for linux (DSA 5191-1)
181091 Debian Security Update for linux (DLA 3131-1)
182470 Debian Security Update for linux (CVE-2021-33655)
198910 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5577-1)
198923 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5596-1)
198946 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5621-1)
198948 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5624-1)
198949 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5622-1)
198950 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5623-1)
198953 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5633-1)
198954 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5630-1)
198958 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5635-1)
198960 Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-5640-1)
198962 Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-5639-1)
198964 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5644-1)
198966 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5647-1)
198967 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5648-1)
198970 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5654-1)
198972 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-5655-1)
198974 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5660-1)
198989 Ubuntu Security Notification for Linux kernel (IBM) Vulnerabilities (USN-5683-1)
241417 Red Hat Update for kernel security (RHSA-2023:2458)
241468 Red Hat Update for kernel-rt (RHSA-2023:2148)
241504 Red Hat Update for kernel security (RHSA-2023:2951)
241527 Red Hat Update for kernel-rt (RHSA-2023:2736)
242941 Red Hat Update for kernel (RHSA-2024:0930)
354044 Amazon Linux Security Advisory for kernel : ALAS2-2022-1833
354049 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-034
354071 Amazon Linux Security Advisory for kernel : ALAS-2022-1636
354075 Amazon Linux Security Advisory for kernel : ALAS2-2022-1852
377117 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0158)
390267 Oracle VM Server for x86 Security Update for kernel (OVMSA-2022-0024)
610471 Google Android Devices March 2023 Security Patch Missing
610484 Google Android April 2023 Security Patch Missing for Samsung
610486 Google Android April 2023 Security Patch Missing for Huawei EMUI
672114 EulerOS Security Update for kernel (EulerOS-SA-2022-2292)
672141 EulerOS Security Update for kernel (EulerOS-SA-2022-2441)
672205 EulerOS Security Update for kernel (EulerOS-SA-2022-2466)
672218 EulerOS Security Update for kernel (EulerOS-SA-2022-2619)
672286 EulerOS Security Update for kernel (EulerOS-SA-2022-2654)
672354 EulerOS Security Update for kernel (EulerOS-SA-2022-2732)
752452 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2719-1)
752453 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2723-1)
752455 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2720-1)
752461 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2803-1)
752463 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2809-1)
752464 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2808-1)
752474 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2827-1)
752502 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2875-1)
752814 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 31 for SLE 15 SP1) (SUSE-SU-2022:4112-1)
752831 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 31 for SLE 15) (SUSE-SU-2022:4027-1)
752850 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) (SUSE-SU-2022:4035-1)
752852 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) (SUSE-SU-2022:4100-1)
752874 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 32 for SLE 15 SP1) (SUSE-SU-2022:4024-1)
752894 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 22 for SLE 15 SP3) (SUSE-SU-2022:4033-1)
752902 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 30 for SLE 15) (SUSE-SU-2022:4129-1)
752930 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:4113-1)
753135 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2722-1)
753156 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2741-1)
753316 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2892-1)
753703 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0416-1)
753707 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0416-1)
753727 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0416-1)
902778 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10621)
902789 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10616)
904104 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10621-1)
904130 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10616-1)
905897 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10621-2)
906257 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10616-2)
941023 AlmaLinux Security Update for kernel (ALSA-2023:2458)
941061 AlmaLinux Security Update for kernel-rt (ALSA-2023:2148)
941096 AlmaLinux Security Update for kernel (ALSA-2023:2951)
941114 AlmaLinux Security Update for kernel-rt (ALSA-2023:2736)