Bug 1187585 - (CVE-2021-3612) VUL-0: CVE-2021-3612: kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
(CVE-2021-3612)
VUL-0: CVE-2021-3612: kernel: joydev: zero size passed to joydev_handle_JSIOC...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/302657/
CVSSv3.1:SUSE:CVE-2021-3612:4.0:(AV:L...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-06-22 07:37 UTC by Alexander Bergmann
Modified: 2022-07-21 20:00 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2021-06-22 07:37:17 UTC
rh#1974079 / CVE-2021-3612

If using ioctl JSIOCSAXMAP or ioctl JSIOCSBTNMAP (ex. for device /dev/input/js0) with incorrect input data (ex. buffer filled with values 0xff with size=0), then Linux kernel module crash (panic) happens with memory writing out of bounds.
Bug exists in kernels after patch 182d679b2298 (ref. https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/ , so starting from upstream v5.12-rc1 ). Before this patch (before v5.12-rc1 ), bug existed too, but there was only possibility of reading out of stack that was less dangerous.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1974079
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3612
Comment 3 Takashi Iwai 2021-07-07 13:35:45 UTC
Backported the fix to SLE15-SP2 and SLE12-SP5 branches, which had the buggy commit.  TW will get the backport via stable tree.

Reassigned back to security team.
Comment 12 Swamp Workflow Management 2021-07-20 16:20:32 UTC
SUSE-SU-2021:2408-1: An update that solves 5 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1152472,1152489,1170511,1179243,1183871,1184114,1184804,1185308,1185791,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269
CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.58.1, kernel-source-azure-5.3.18-18.58.1, kernel-syms-azure-5.3.18-18.58.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2021-07-20 16:41:54 UTC
SUSE-SU-2021:2407-1: An update that solves 5 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1153720,1170511,1183871,1184114,1185032,1185308,1185791,1185995,1187050,1187215,1187585,1187934,1188010,1188062,1188116,1188273,1188274
CVE References: CVE-2020-36385,CVE-2021-22555,CVE-2021-33909,CVE-2021-3609,CVE-2021-3612
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.65.1, kernel-source-azure-4.12.14-16.65.1, kernel-syms-azure-4.12.14-16.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2021-07-20 19:19:34 UTC
SUSE-SU-2021:2416-1: An update that solves 5 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1153720,1170511,1183871,1184114,1185032,1185308,1185791,1185995,1187050,1187215,1187585,1187934,1188062,1188116,1188273,1188274
CVE References: CVE-2020-36385,CVE-2021-22555,CVE-2021-33909,CVE-2021-3609,CVE-2021-3612
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.80.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.80.1, kernel-obs-build-4.12.14-122.80.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.80.1, kernel-source-4.12.14-122.80.1, kernel-syms-4.12.14-122.80.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.80.1, kgraft-patch-SLE12-SP5_Update_21-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 OBSbugzilla Bot 2021-07-21 11:11:35 UTC
This is an autogenerated message for OBS integration:
This bug (1187585) was mentioned in
https://build.opensuse.org/request/show/907471 15.2 / kernel-source
Comment 18 Swamp Workflow Management 2021-07-21 16:26:09 UTC
SUSE-SU-2021:2438-1: An update that solves 5 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1152472,1152489,1170511,1179243,1183871,1184114,1184804,1185308,1185791,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269
CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.75.3, kernel-default-base-5.3.18-24.75.3.9.34.3
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.75.3, kernel-preempt-5.3.18-24.75.3
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.75.3, kernel-livepatch-SLE15-SP2_Update_17-1-5.3.3
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.75.3
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.75.2, kernel-obs-build-5.3.18-24.75.3, kernel-preempt-5.3.18-24.75.3, kernel-source-5.3.18-24.75.2, kernel-syms-5.3.18-24.75.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.75.3, kernel-default-base-5.3.18-24.75.3.9.34.3, kernel-preempt-5.3.18-24.75.3, kernel-source-5.3.18-24.75.2
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.75.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2021-07-22 10:22:37 UTC
openSUSE-SU-2021:1076-1: An update that solves 5 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1152472,1152489,1155518,1170511,1176940,1179243,1180092,1183871,1184114,1184804,1185308,1185791,1186206,1187215,1187585,1188036,1188062,1188080,1188116,1188121,1188176,1188267,1188268,1188269,1188405,1188445
CVE References: CVE-2021-22555,CVE-2021-33909,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.84.1, kernel-default-5.3.18-lp152.84.1, kernel-default-base-5.3.18-lp152.84.1.lp152.8.38.1, kernel-docs-5.3.18-lp152.84.1, kernel-kvmsmall-5.3.18-lp152.84.1, kernel-obs-build-5.3.18-lp152.84.1, kernel-obs-qa-5.3.18-lp152.84.1, kernel-preempt-5.3.18-lp152.84.1, kernel-source-5.3.18-lp152.84.1, kernel-syms-5.3.18-lp152.84.1
Comment 23 Swamp Workflow Management 2021-08-03 16:18:06 UTC
SUSE-SU-2021:2599-1: An update that solves four vulnerabilities, contains three features and has 23 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1152472,1152489,1155518,1170511,1179243,1180092,1183871,1184114,1184804,1185308,1185791,1186206,1187215,1187585,1188036,1188080,1188116,1188121,1188176,1188267,1188268,1188269,1188405,1188525
CVE References: CVE-2021-22555,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612
JIRA References: SLE-17042,SLE-17043,SLE-17268
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-45.3, kernel-rt_debug-5.3.18-45.3, kernel-source-rt-5.3.18-45.3, kernel-syms-rt-5.3.18-45.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2021-08-05 15:36:58 UTC
SUSE-SU-2021:2599-2: An update that solves four vulnerabilities, contains three features and has 23 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1152472,1152489,1155518,1170511,1179243,1180092,1183871,1184114,1184804,1185308,1185791,1186206,1187215,1187585,1188036,1188080,1188116,1188121,1188176,1188267,1188268,1188269,1188405,1188525
CVE References: CVE-2021-22555,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612
JIRA References: SLE-17042,SLE-17043,SLE-17268
Sources used:
SUSE MicroOS 5.0 (src):    kernel-rt-5.3.18-45.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Swamp Workflow Management 2021-08-10 13:21:08 UTC
openSUSE-SU-2021:2645-1: An update that solves 7 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-38.17.1, kernel-source-azure-5.3.18-38.17.1, kernel-syms-azure-5.3.18-38.17.1
Comment 30 Swamp Workflow Management 2021-08-10 13:29:58 UTC
SUSE-SU-2021:2645-1: An update that solves 7 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-38.17.1, kernel-source-azure-5.3.18-38.17.1, kernel-syms-azure-5.3.18-38.17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Swamp Workflow Management 2021-08-10 13:45:46 UTC
SUSE-SU-2021:2643-1: An update that solves 10 vulnerabilities, contains one feature and has 33 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1153720,1170511,1176724,1176931,1176940,1179195,1181161,1183871,1184114,1184350,1184804,1185032,1185308,1185377,1185791,1185995,1186206,1186482,1186672,1187038,1187050,1187215,1187476,1187585,1187846,1188026,1188062,1188101,1188116,1188273,1188274,1188405,1188620,1188750,1188838,1188842,1188876,1188885,1188973
CVE References: CVE-2020-0429,CVE-2020-36385,CVE-2020-36386,CVE-2021-22543,CVE-2021-22555,CVE-2021-33909,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: SLE-10538
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.54.1, kernel-rt_debug-4.12.14-10.54.1, kernel-source-rt-4.12.14-10.54.1, kernel-syms-rt-4.12.14-10.54.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Swamp Workflow Management 2021-08-14 13:25:51 UTC
openSUSE-SU-2021:2687-1: An update that solves 7 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-59.19.1, kernel-64kb-5.3.18-59.19.1, kernel-debug-5.3.18-59.19.1, kernel-default-5.3.18-59.19.1, kernel-default-base-5.3.18-59.19.1.18.10.1, kernel-docs-5.3.18-59.19.1, kernel-kvmsmall-5.3.18-59.19.1, kernel-obs-build-5.3.18-59.19.1, kernel-obs-qa-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-syms-5.3.18-59.19.1, kernel-zfcpdump-5.3.18-59.19.1
Comment 33 Swamp Workflow Management 2021-08-14 13:34:59 UTC
SUSE-SU-2021:2687-1: An update that solves 7 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973
CVE References: CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-59.19.1, kernel-livepatch-SLE15-SP3_Update_5-1-7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-59.19.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-59.19.1, kernel-obs-build-5.3.18-59.19.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-syms-5.3.18-59.19.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-59.19.1, kernel-default-5.3.18-59.19.1, kernel-default-base-5.3.18-59.19.1.18.10.1, kernel-preempt-5.3.18-59.19.1, kernel-source-5.3.18-59.19.1, kernel-zfcpdump-5.3.18-59.19.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-59.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 34 Marcus Meissner 2021-09-13 10:01:12 UTC
released