CVE-2021-33655

Advisory lineage Upstream: 0 Downstream: 55

Downstream

DEBIAN-CVE-2021-33655 DLA-3131-1 DSA-5191-1 RHSA-2023:2148 RHSA-2023:2458 RHSA-2023:2736

Modified

Published: 18 Jul 2022, 14:45

Last modified:03 Aug 2024, 23:58

Vulnerability Summary

Overall Risk (default)

medium

27/100

CVSS Score

6.7 MEDIUM

v3.1 (nvd)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

18 Jul 2022, 14:45

Published

Vulnerability first disclosed

03 Aug 2024, 23:58

Last Modified

Vulnerability information updated

Description

When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.

CVSS Metrics

v3.1•MEDIUM•Score: 6.7CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 7%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

debian•debian_linux
10.0 | 11.0
linux•linux_kernel
< 5.19 | 5.19:rc1 | 5.19:rc2 | 5.19:rc3 | 5.19:rc4 | 5.19:rc5