CVE-2021-42739

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.

CVSS v3 6.7 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1951739	Issue Tracking Mitigation Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/
https://seclists.org/oss-sec/2021/q2/46
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220804-0001/	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1951739	Issue Tracking Mitigation Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/
https://seclists.org/oss-sec/2021/q2/46
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220804-0001/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r12:::::::*
	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338::::::

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::*

History

21 Nov 2024, 06:28

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=1951739 - Issue Tracking, Mitigation, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=1951739 - Issue Tracking, Mitigation, Third Party Advisory
References	~~() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e -~~	() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e -
References	~~() https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/ -~~	() https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/ -
References	~~() https://seclists.org/oss-sec/2021/q2/46 -~~	() https://seclists.org/oss-sec/2021/q2/46 -
References	~~() https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
References	~~() https://www.starwindsoftware.com/security/sw-20220804-0001/ - Third Party Advisory~~	() https://www.starwindsoftware.com/security/sw-20220804-0001/ - Third Party Advisory

24 Mar 2024, 23:15

Type	Values Removed	Values Added
Summary	(en) A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.	(en) The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
References		() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e - () https://seclists.org/oss-sec/2021/q2/46 -

07 Nov 2022, 19:04

Type	Values Removed	Values Added
CPE	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v18r13:14338::::::	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338::::::

25 Oct 2022, 16:43

Type	Values Removed	Values Added
References	~~(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -~~	(N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
References	~~(MISC) https://www.starwindsoftware.com/security/sw-20220804-0001/ -~~	(MISC) https://www.starwindsoftware.com/security/sw-20220804-0001/ - Third Party Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 - Mitigation, Third Party Advisory~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 - Issue Tracking, Mitigation, Third Party Advisory
CPE		cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::* cpe:2.3:a:starwindsoftware:starwind_virtual_san:v18r13:14338:::::: cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::* cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r12:::::::*

11 Oct 2022, 22:15

Type	Values Removed	Values Added
References		(MISC) https://www.starwindsoftware.com/security/sw-20220804-0001/ -

25 Jul 2022, 18:17

Type	Values Removed	Values Added
References		(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

06 Apr 2022, 14:12

Type	Values Removed	Values Added
CPE		cpe:2.3:o:debian:debian_linux:9.0:::::::*
References	~~(MISC) https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ -~~	(MISC) https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ - Patch, Vendor Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 - Mitigation, Third Party Advisory

01 Apr 2022, 23:15

Type	Values Removed	Values Added
Summary	The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.	A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References	~~{'url': 'https://www.debian.org/security/2022/dsa-5096', 'name': 'DSA-5096', 'tags': [], 'refsource': 'DEBIAN'}~~ ~~{'url': 'https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html', 'name': '[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update', 'tags': [], 'refsource': 'MLIST'}~~ {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EHZNHNHRLPC2NJKUDS5PJG5AGRYJVJN/', 'name': 'FEDORA-2021-fdef34e26f', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} ~~{'url': 'https://seclists.org/oss-sec/2021/q2/46', 'name': 'https://seclists.org/oss-sec/2021/q2/46', 'tags': ['Exploit', 'Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MISC'}~~ {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOWGMZ2MJFUGNA5QSD5JF4QHIC4URATS/', 'name': 'FEDORA-2021-7de33b7016', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} ~~{'url': 'https://security.netapp.com/advisory/ntap-20211118-0001/', 'name': 'https://security.netapp.com/advisory/ntap-20211118-0001/', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}~~ {'url': 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e', 'name': 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory', 'Vendor Advisory'], 'refsource': 'MISC'} {'url': 'https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html', 'name': '[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKMQEOEESIO3GMHAOL3NYS36FER6UTWA/', 'name': 'FEDORA-2021-8364530ebf', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	(MISC) https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 -

10 Mar 2022, 17:44

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2022/dsa-5096 - (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html -

17 Dec 2021, 01:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html -

18 Nov 2021, 16:00

Type	Values Removed	Values Added
CVSS	v2 : ~~4.6~~ v3 : ~~7.8~~	v2 : 4.6 v3 : 6.7
CPE		cpe:2.3:o:fedoraproject:fedora:33:::::::* cpe:2.3:o:fedoraproject:fedora:34:::::::* cpe:2.3:o:fedoraproject:fedora:35:::::::*
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKMQEOEESIO3GMHAOL3NYS36FER6UTWA/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKMQEOEESIO3GMHAOL3NYS36FER6UTWA/ - Mailing List, Third Party Advisory
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e - Mailing List, Patch, Vendor Advisory~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e - Mailing List, Patch, Third Party Advisory, Vendor Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0001/ - Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOWGMZ2MJFUGNA5QSD5JF4QHIC4URATS/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOWGMZ2MJFUGNA5QSD5JF4QHIC4URATS/ - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EHZNHNHRLPC2NJKUDS5PJG5AGRYJVJN/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EHZNHNHRLPC2NJKUDS5PJG5AGRYJVJN/ - Mailing List, Third Party Advisory

18 Nov 2021, 08:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0001/ -

14 Nov 2021, 06:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOWGMZ2MJFUGNA5QSD5JF4QHIC4URATS/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKMQEOEESIO3GMHAOL3NYS36FER6UTWA/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EHZNHNHRLPC2NJKUDS5PJG5AGRYJVJN/ -

26 Oct 2021, 18:57

Type	Values Removed	Values Added
References	~~(MISC) https://seclists.org/oss-sec/2021/q2/46 -~~	(MISC) https://seclists.org/oss-sec/2021/q2/46 - Exploit, Mailing List, Patch, Third Party Advisory
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e - Mailing List, Patch, Vendor Advisory
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-787
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.6 v3 : 7.8

20 Oct 2021, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-10-20 07:15

Updated : 2024-11-21 06:28

NVD link : CVE-2021-42739

Mitre link : CVE-2021-42739

CVE.ORG link : CVE-2021-42739

JSON object : View

Products Affected

oracle

communications_cloud_native_core_network_exposure_function
communications_cloud_native_core_policy
communications_cloud_native_core_binding_support_function

starwindsoftware

starwind_virtual_san
starwind_san_\&_nas

debian

debian_linux

linux

linux_kernel

fedoraproject

fedora

CWE

CWE-787

Out-of-bounds Write

6.7 /10