CVE-2021-3612
HIGHLinux Kernel < 5.9.0 - Out-of-Bounds Write via JSIOCSBTNMAP ioctl
Title source: llmDescription
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References (7)
Core 7
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1974079
Mailing List x_refsource_misc
https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82%40gmail.com/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210805-0005/
Scores
CVSS v3
7.8
EPSS
0.0009
EPSS Percentile
24.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-787
Status
published
Products (18)
debian/debian_linux
9.0
fedoraproject/fedora
34
linux/linux_kernel
< 5.9.0
netapp/cloud_backup
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
... and 8 more
Published
Jul 09, 2021
Tracked Since
Feb 18, 2026