{"containers": {"cna": {"affected": [{"product": "openEuler:kernel", "vendor": "n/a", "versions": [{"status": "affected", "version": "<5.10.127"}]}], "descriptions": [{"lang": "en", "value": "When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-10-02T18:06:13", "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "shortName": "openEuler"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel"}, {"name": "[oss-security] 20220719 CVE-2021-33656: Linux kernel: When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.(<5.10.127)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/3"}, {"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "securities@openeuler.org", "ID": "CVE-2021-33656", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openEuler:kernel", "version": {"version_data": [{"version_value": "<5.10.127"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787 Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch"}, {"name": "https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel", "refsource": "MISC", "url": "https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel"}, {"name": "[oss-security] 20220719 CVE-2021-33656: Linux kernel: When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.(<5.10.127)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/07/19/3"}, {"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:58:21.558Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel"}, {"name": "[oss-security] 20220719 CVE-2021-33656: Linux kernel: When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.(<5.10.127)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/3"}, {"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"}]}]}, "cveMetadata": {"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "assignerShortName": "openEuler", "cveId": "CVE-2021-33656", "datePublished": "2022-07-18T14:44:28", "dateReserved": "2021-05-28T00:00:00", "dateUpdated": "2024-08-03T23:58:21.558Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openatom:openeuler:20.03:-:*:*:lts:*:*:*", "matchCriteriaId": "E438DADF-863B-4CE2-BDA4-468E41809BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:openatom:openeuler:20.03:sp1:*:*:lts:*:*:*", "matchCriteriaId": "464D2E5A-0D36-4893-85A4-2267AE0333DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:openatom:openeuler:20.03:sp3:*:*:lts:*:*:*", "matchCriteriaId": "A98D36A4-869D-4F90-9434-599915671828", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F459694-1B3F-472F-88F7-6E97AD3958DD", "versionEndExcluding": "5.10.127", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds."}, {"lang": "es", "value": "Cuando es establecida la fuente con datos maliciosos por ioctl cmd PIO_FONT, el kernel escribir\u00e1 memoria fuera de l\u00edmites"}], "id": "CVE-2021-33656", "lastModified": "2025-04-02T18:33:53.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-18T15:15:08.043", "references": [{"source": "securities@openeuler.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/3"}, {"source": "securities@openeuler.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch"}, {"source": "securities@openeuler.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"}, {"source": "securities@openeuler.org", "tags": ["Third Party Advisory"], "url": "https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel"}], "sourceIdentifier": "securities@openeuler.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "securities@openeuler.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2736", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-477.10.1.rt7.274.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2951", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-477.10.1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:4789", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.70.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4789", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.70.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2023-08-29T00:00:00Z"}], "bugzilla": {"description": "kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds", "id": "2108696", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108696"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.", "An out-of-bounds write flaw was found in the Linux kernel\u2019s console driver functionality in the way a user triggers the ioctl PIO_FONT with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2021-33656", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-01-05T10:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-33656\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33656\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch"], "statement": "This flaw is rated as a having Moderate impact, because only local user with the access to the VGA device can trigger it.", "threat_severity": "Moderate"}