VDB
CVE-2021-33656
PUBLISHED
When setting a font with malicious data via the ioctl cmd PIO_FONT, the kernel will write memory out of bounds.
EPSS 0.03% · 9.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:FIPS:20.04:LTS | linux-gcp-fips | 5.4.0-1021.21+fips1, 0 |
| Ubuntu:Pro:16.04:LTS | linux-aws | 4.4.0-1098.109, 4.4.0-1073.83, 4.4.0-1075.85 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-fips | 4.15.0-1094.105, 4.15.0-1076.85, 4.15.0-1075.84 |
| Ubuntu:22.04:LTS | linux-realtime | 0, 5.15.0-1032.35 |
| Ubuntu:Pro:16.04:LTS | linux-kvm | 4.4.0-1046.52, 4.4.0-1004.9, 4.4.0-1007.12 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.11.0-13.19~16.04.1, 4.11.0-14.20~16.04.1, 4.13.0-16.19~16.04.3 |
| Ubuntu:18.04:LTS | linux | 4.15.0-20.21, 4.15.0-132.136, 4.15.0-129.132 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 0, 5.15.0-1073.75 |
| Ubuntu:20.04:LTS | linux-oem-5.13 | 5.13.0-1009.10, 5.13.0-1019.23, 5.13.0-1020.24 |
| Ubuntu:Pro:FIPS:20.04:LTS | linux-fips | 5.4.0-1007.8, 0 |
| Ubuntu:18.04:LTS | linux-dell300x | 4.15.0-1010.14, 4.15.0-1012.16, 4.15.0-1030.35 |
| Ubuntu:Pro:FIPS-updates:20.04:LTS | linux-azure-fips | 5.4.0-1080.83+fips1, 5.4.0-1083.87+fips1, 5.4.0-1085.90+fips1 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-gcp-fips | 0, 4.15.0-1001.1 |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-33.37, 5.4.0-28.32, 5.4.0-27.31 |
| Ubuntu:18.04:LTS | linux-ibm-5.4 | 5.4.0-1021.23~18.04.1, 5.4.0-1023.25~18.04.1, 5.4.0-1028.32~18.04.1 |
| Ubuntu:20.04:LTS | linux-gkeop | 5.4.0-1031.32, 5.4.0-1021.22, 5.4.0-1029.30 |
| Ubuntu:18.04:LTS | linux-aws-5.0 | 5.0.0-1025.28, 0, 5.0.0-1022.25~18.04.1 |
| Ubuntu:20.04:LTS | linux-hwe-5.11 | 5.11.0-44.48~20.04.2, 5.11.0-46.51~20.04.1, * |
| Ubuntu:20.04:LTS | linux-oracle-5.13 | 5.13.0-1036.43~20.04.1, 5.13.0-1034.40~20.04.1, 5.13.0-1033.39~20.04.1 |
| Ubuntu:Pro:16.04:LTS | linux-gcp | *, 0, 4.10.0-1004.4 |
…and 80 more
Exploit Intelligence
- CVE-2022-32250.yara (github-yara)
Timeline
- Jul 18, 2022 CVE Published
- Jul 19, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 21, 2022 EPSS Score
- Dec 7, 2022 EPSS Score
- Jan 23, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 13, 2023 EPSS Score
- Jul 29, 2023 EPSS Score
- Sep 14, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-33656 third-party-advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch third-party-advisory
- https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel third-party-advisory
- https://ubuntu.com/security/notices/USN-5580-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5589-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5591-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5591-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-5591-3 vendor-advisory
- https://ubuntu.com/security/notices/USN-5591-4 vendor-advisory
- https://ubuntu.com/security/notices/USN-5592-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5595-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5597-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5598-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5600-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5603-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5605-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5650-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-33656 third-party-advisory