USN-5071-3

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2021-22543 CVE-2021-3612 UBUNTU-CVE-2021-22543 UBUNTU-CVE-2021-3612

Published: 22 Sept 2021, 00:34

Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

22 Sept 2021, 00:34

Published

Vulnerability first disclosed

03 Jun 2026, 13:34

Last Modified

Vulnerability information updated

Description

linux-raspi, linux-raspi-5.4 vulnerabilities It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612)

Affected Systems

ubuntu•linux-raspi
< 5.4.0-1043.47
ubuntu•linux-raspi-5.4
< 5.4.0-1043.47~18.04.1

USN-5071-3

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)