CVE-2021-30002

medium

Published 2022-11-08 · Modified 2022-11-12

CVSS v3

—

VIR risk

5.5

Description

An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact

OS	Version	Status	Fixed in
sles		affected
rocky	8	fixed
debian	bookworm	fixed	`5.10.24-1`
debian	bullseye	fixed	`5.10.24-1`
debian	forky	fixed	`5.10.24-1`
debian	sid	fixed	`5.10.24-1`
debian	trixie	fixed	`5.10.24-1`

References

https://www.suse.com/security/cve/CVE-2021-30002.html
https://errata.rockylinux.org/RLSA-2022:7683
https://errata.rockylinux.org/RLSA-2022:7444
https://security-tracker.debian.org/tracker/CVE-2021-30002
https://access.redhat.com/errata/RHSA-2022:7683
https://bugzilla.redhat.com/1946279
https://bugzilla.redhat.com/1980646
https://bugzilla.redhat.com/2037386
https://bugzilla.redhat.com/2051444
https://bugzilla.redhat.com/2053632
https://bugzilla.redhat.com/2058395
https://bugzilla.redhat.com/2059928
https://bugzilla.redhat.com/2062284
https://bugzilla.redhat.com/2066614
https://bugzilla.redhat.com/2066706
https://bugzilla.redhat.com/2069408
https://bugzilla.redhat.com/2070205
https://bugzilla.redhat.com/2070220
https://bugzilla.redhat.com/2073064
https://bugzilla.redhat.com/2074208
https://bugzilla.redhat.com/2084183
https://bugzilla.redhat.com/2084479
https://bugzilla.redhat.com/2088021
https://bugzilla.redhat.com/2089815
https://bugzilla.redhat.com/2096178

💬 Discuss CVE-2021-30002 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.