CVE-2021-33655

Public on 2022-07-18
Modified on 2022-09-30
Description

An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Severity
Medium
See what this means
CVSS v3 Base Score
6.7
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 kernel 2022-09-30 02:41 ALAS-2022-1636
Amazon Linux 2 kernel 2022-09-30 07:04 ALAS2-2022-1852
Amazon Linux 2 kernel 2022-08-15 21:03 ALAS2-2022-1833
Amazon Linux 2 kernel 2022-07-19 16:01 ALAS2KERNEL-5.10-2022-018
Amazon Linux 2 kernel 2022-08-15 21:23 ALAS2KERNEL-5.4-2022-034

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H