vulnerability

Red Hat: CVE-2021-3612: CVE-2021-3612 kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (Multiple Advisories)

Name: Red Hat: CVE-2021-3612: CVE-2021-3612 kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (Multiple Advisories)
Creator: Red Hat
Published: 2021-07-09T00:00:00.000Z
Keywords: CVE, CWE-20, CWE-787, Red Hat, 2021, 3612, 3612 kernel, redhat-upgrade-kernel, redhat-upgrade-kernel-rt, Severity 7

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Jul 9, 2021

Added

May 13, 2022

Modified

Mar 27, 2026

Description

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

CWE-20
CWE-787
EUVD-EUVD-2021-26916
NVD-CVE-2021-3612
REDHAT-RHSA-2022:1975
REDHAT-RHSA-2022:1988
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-26916

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report