CVE-2021-42739
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
20/10/2021
Last modified:
24/03/2024
Description
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
Impact
Base Score 3.x
6.70
Severity 3.x
MEDIUM
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.14.13 (including) | |
| cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://bugzilla.redhat.com/show_bug.cgi?id=1951739
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
- https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/
- https://seclists.org/oss-sec/2021/q2/46
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.starwindsoftware.com/security/sw-20220804-0001/