PT-2021-3378 · Linux+10 · Linux Kernel+10
Published: 2020-10-15 · Updated: 2023-01-11
CVE-2021-3612
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.9-rc1
Description
The issue is an out-of-bounds memory write flaw in the Linux kernel's joystick devices subsystem. The flaw is triggered when a user calls the JSIOCSBTNMAP ioctl. It allows a local user to crash the system or possibly escalate their privileges, posing a threat to confidentiality, integrity, and system availability.
Recommendations
For Linux kernel versions prior to 5.9-rc1, update to version 5.9-rc1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the JSIOCSBTNMAP ioctl to minimize the risk of exploitation.
Exploit
Fix
DoS
Buffer Overflow
Memory Corruption
RCE
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu