CVE-2021-3612

Summary

CVE	CVE-2021-3612
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-07-09 11:15:00 UTC
Updated	2023-11-07 03:38:00 UTC
Description	An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	5.9.0	-	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Hardware	Netapp	Solidfire Baseboard Management Controller	-	All	All	All
Operating System	Netapp	Solidfire Baseboard Management Controller Firmware	-	All	All	All
Application	Oracle	Communications Cloud Native Core Binding Support Function	22.1.3	All	All	All
Application	Oracle	Communications Cloud Native Core Network Exposure Function	22.1.1	All	All	All
Application	Oracle	Communications Cloud Native Core Policy	22.2.0	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 34 Update: kernel-tools-5.12.17-300.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[PATCH] Input: joydev - prevent potential write out of bounds in ioctl - Alexander Larkin	MISC	lore.kernel.org
1974079 – (CVE-2021-3612) CVE-2021-3612 kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()	MISC	bugzilla.redhat.com
[SECURITY] [DLA 2785-1] linux-4.19 security update	MLIST	lists.debian.org
[PATCH] Input: joydev - prevent potential write out of bounds in ioctl - Alexander Larkin		lore.kernel.org
[SECURITY] Fedora 34 Update: kernel-tools-5.12.17-300.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] [DLA 2843-1] linux security update	MLIST	lists.debian.org
Oracle Critical Patch Update Advisory - July 2022	N/A	www.oracle.com
CVE-2021-3612 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159399 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9452)
159400 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9453)
159825 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)
178844 Debian Security Update for linux-4.19 (DLA 2785-1)
178943 Debian Security Update for linux (DLA 2843-1)
179497 Debian Security Update for linux (CVE-2021-3612)
198487 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5071-1)
198491 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5070-1)
198497 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5073-1)
198502 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5071-2)
198506 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5073-2)
198507 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5073-3)
198512 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5071-3)
198524 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5096-1)
198533 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5106-1)
198548 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5120-1)
240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
240298 Red Hat Update for kernel security (RHSA-2022:1988)
281727 Fedora Security Update for kernel (FEDORA-2021-a95108d156)
390248 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2021-0035)
750844 SUSE Enterprise Linux Security Update for kernel (SUSE-SU-2021:2407-1)
750848 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:2416-1)(Sequoia)
750887 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1076-1)
750953 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:2645-1)
750963 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:2687-1)
940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)
960132 Rocky Linux Security Update for kernel-rt (RLSA-2022:1975)
960134 Rocky Linux Security Update for kernel (RLSA-2022:1988)