CVE-2021-33655

2022-07-1800:00:00

ubuntu.com

cve-2021-33655

kernel ioctl

fbioput_vscreeninfo

malicious data

out-of-bounds

memory write

unix

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

When sending malicous data to kernel by ioctl cmd
FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-193.204UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-126.142UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-48.54UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-234.268UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1141.152UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1085.92UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1020.24UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1113.119UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1150.165UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1020.24~20.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-193.204	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-126.142	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-48.54	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-234.268	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1141.152	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1085.92	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1020.24	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1113.119	UNKNOWN
ubuntu	16.04	noarch	linux-aws	< 4.4.0-1150.165	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1020.24~20.04.1	UNKNOWN