Hello
I was tasked with assessing the risk due to CVE-2021-3612 concerning some legacy machines.
When I checked the existing data on that flaw, I couldn't find much info on what an attacker needs to do on my systems to use that flaw, but [https://lists.debian.org/debian-lts-ann ... 00010.html] and other similar sources say this:
CVE-2021-3612
Murray McAllister reported a flaw in the joystick input subsystem.
A local user permitted to access a joystick device could exploit
this to read and write out-of-bounds in the kernel, which could
be used for privilege escalation.
Do I read this right, that for exploiting that, a joystick or a hardware device posing as such would need to be plugged into my machines?
Would the malicious actor need to be already on my systems as this mentions a local attacker?
If so, are servers, installed with minimal software and definitely no joysticks plugged in, even vulnerable?
Thanks in advance for advice.
Regards
P
Statistics: Posted by poweruser181 — 2024-04-17 07:38 — Replies 3 — Views 118