An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
bugzilla.redhat.com/show_bug.cgi?id=1974079
lists.debian.org/debian-lts-announce/2021/10/msg00010.html
lists.debian.org/debian-lts-announce/2021/12/msg00012.html
lists.fedoraproject.org/archives/list/[email protected]/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/
lore.kernel.org/linux-input/[email protected]/
security.netapp.com/advisory/ntap-20210805-0005/
www.oracle.com/security-alerts/cpujul2022.html