CVE-2021-2192

Name of the Vulnerable Software and Affected Versions Oracle Solaris version 11

Description The issue is related to insufficient input validation in the Kernel component of Oracle Solaris, which can be exploited by a low-privileged attacker with logon access to the infrastructure. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle Solaris, as well as unauthorized update, insert, or delete access to some of Oracle Solaris' accessible data. This issue applies to Oracle Solaris on SPARC systems only.

Recommendations For Oracle Solaris version 11, consider restricting access to the Kernel component to minimize the risk of exploitation until a patch is available. As a temporary workaround, focus on securing the infrastructure where Oracle Solaris executes to reduce the potential for low-privileged attackers to gain logon access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.