An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
[
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.9-rc1"
}
]
}
]
bugzilla.redhat.com/show_bug.cgi?id=1974079
lists.debian.org/debian-lts-announce/2021/10/msg00010.html
lists.debian.org/debian-lts-announce/2021/12/msg00012.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/
lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82%40gmail.com/
security.netapp.com/advisory/ntap-20210805-0005/
www.oracle.com/security-alerts/cpujul2022.html