CVE-2021-3612 - OpenCVE

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	H700s H700e H410c H500s H410s Firmware Solidfire Baseboard Management Controller Firmware H500s Firmware H300s Firmware H300e Firmware H700s Firmware Cloud Backup Solidfire Baseboard Management Controller H500e H410c Firmware H700e Firmware H300e H300s H500e Firmware H410s
Redhat	Enterprise Linux
Oracle	Communications Cloud Native Core Policy Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure Function
Debian	Debian Linux
Fedoraproject	Fedora
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::*

Configuration 6 [-]

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1974079	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/
https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82%40gmail.com/
https://security.netapp.com/advisory/ntap-20210805-0005/	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory