#VU65833 Out-of-bounds write in Linux kernel


Published: 2022-07-27

Vulnerability identifier: #VU65833

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33655

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in FBIOPUT_VSCREENINFO IOCTL. A local user can trigger an out-of-bounds write error and execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4
http://www.openwall.com/lists/oss-security/2022/07/19/2
http://www.debian.org/security/2022/dsa-5191

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell VxRail Appliance components
Multiple vulnerabilities in Western Digital My Cloud OS 5
SUSE update for the Linux Kernel (Live Patch 30 for SLE 15)
SUSE update for the Linux Kernel (Live Patch 31 for SLE 15 SP1)
SUSE update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
SUSE update for the Linux Kernel (Live Patch 16 for SLE 15 SP3)
SUSE update for the Linux Kernel (Live Patch 30 for SLE 15)
SUSE update for the Linux Kernel (Live Patch 31 for SLE 15 SP1)
SUSE update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
SUSE update for the Linux Kernel (Live Patch 16 for SLE 15 SP3)