USN-5073-3

Advisory lineage Upstream: 6 Downstream: 0

Upstream

CVE-2021-34693 CVE-2021-3612 CVE-2021-38160 UBUNTU-CVE-2021-34693 UBUNTU-CVE-2021-3612 UBUNTU-CVE-2021-38160

Published: 22 Sept 2021, 00:24

Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

22 Sept 2021, 00:24

Published

Vulnerability first disclosed

03 Jun 2026, 13:34

Last Modified

Vulnerability information updated

Description

linux-raspi2 vulnerabilities Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160)

Affected Systems

ubuntu•linux-raspi2
< 4.15.0-1095.101

USN-5073-3

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)