CVE-2021-42739

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.

CVSS v3 6.7 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1951739	Issue Tracking Mitigation Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/
https://seclists.org/oss-sec/2021/q2/46
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220804-0001/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r12:::::::*
	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338::::::

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::*

History

24 Mar 2024, 23:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e - () https://seclists.org/oss-sec/2021/q2/46 -
Summary	(en) A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.	(en) The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.

07 Nov 2023, 03:39

Type	Values Removed	Values Added
References	{'url': 'https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/', 'name': 'https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'MISC'}	() https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/ -

07 Nov 2022, 19:04

Type	Values Removed	Values Added
CPE	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v18r13:14338::::::	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338::::::

25 Oct 2022, 16:43

Type	Values Removed	Values Added
References	~~(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -~~	(N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
References	~~(MISC) https://www.starwindsoftware.com/security/sw-20220804-0001/ -~~	(MISC) https://www.starwindsoftware.com/security/sw-20220804-0001/ - Third Party Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 - Mitigation, Third Party Advisory~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 - Issue Tracking, Mitigation, Third Party Advisory
CPE		cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r12:::::::* cpe:2.3:a:starwindsoftware:starwind_virtual_san:v18r13:14338:::::: cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::*
First Time		Starwindsoftware Oracle communications Cloud Native Core Binding Support Function Oracle communications Cloud Native Core Policy Oracle communications Cloud Native Core Network Exposure Function Starwindsoftware starwind Virtual San Oracle Starwindsoftware starwind San \& Nas

11 Oct 2022, 22:15

Type	Values Removed	Values Added
References		(MISC) https://www.starwindsoftware.com/security/sw-20220804-0001/ -

25 Jul 2022, 18:17

Type	Values Removed	Values Added
References		(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

06 Apr 2022, 14:12

Type	Values Removed	Values Added
References	~~(MISC) https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ -~~	(MISC) https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ - Patch, Vendor Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 - Mitigation, Third Party Advisory
First Time		Debian Debian debian Linux
CPE		cpe:2.3:o:debian:debian_linux:9.0:::::::*

01 Apr 2022, 23:15

Type	Values Removed	Values Added
Summary	The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.	A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References	~~{'url': 'https://security.netapp.com/advisory/ntap-20211118-0001/', 'name': 'https://security.netapp.com/advisory/ntap-20211118-0001/', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}~~ ~~{'url': 'https://seclists.org/oss-sec/2021/q2/46', 'name': 'https://seclists.org/oss-sec/2021/q2/46', 'tags': ['Exploit', 'Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MISC'}~~ {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EHZNHNHRLPC2NJKUDS5PJG5AGRYJVJN/', 'name': 'FEDORA-2021-fdef34e26f', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html', 'name': '[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update', 'tags': [], 'refsource': 'MLIST'} ~~{'url': 'https://www.debian.org/security/2022/dsa-5096', 'name': 'DSA-5096', 'tags': [], 'refsource': 'DEBIAN'}~~ {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKMQEOEESIO3GMHAOL3NYS36FER6UTWA/', 'name': 'FEDORA-2021-8364530ebf', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e', 'name': 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory', 'Vendor Advisory'], 'refsource': 'MISC'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOWGMZ2MJFUGNA5QSD5JF4QHIC4URATS/', 'name': 'FEDORA-2021-7de33b7016', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} ~~{'url': 'https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html', 'name': '[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update', 'tags': [], 'refsource': 'MLIST'}~~	(MISC) https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 -

10 Mar 2022, 17:44

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2022/dsa-5096 - (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html -

17 Dec 2021, 01:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html -

18 Nov 2021, 16:00

Type	Values Removed	Values Added
CPE		cpe:2.3:o:fedoraproject:fedora:34:::::::* cpe:2.3:o:fedoraproject:fedora:33:::::::* cpe:2.3:o:fedoraproject:fedora:35:::::::*
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKMQEOEESIO3GMHAOL3NYS36FER6UTWA/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKMQEOEESIO3GMHAOL3NYS36FER6UTWA/ - Mailing List, Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0001/ - Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOWGMZ2MJFUGNA5QSD5JF4QHIC4URATS/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOWGMZ2MJFUGNA5QSD5JF4QHIC4URATS/ - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EHZNHNHRLPC2NJKUDS5PJG5AGRYJVJN/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EHZNHNHRLPC2NJKUDS5PJG5AGRYJVJN/ - Mailing List, Third Party Advisory
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e - Mailing List, Patch, Vendor Advisory~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e - Mailing List, Patch, Third Party Advisory, Vendor Advisory
CVSS	v2 : ~~4.6~~ v3 : ~~7.8~~	v2 : 4.6 v3 : 6.7

18 Nov 2021, 08:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0001/ -

14 Nov 2021, 06:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOWGMZ2MJFUGNA5QSD5JF4QHIC4URATS/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKMQEOEESIO3GMHAOL3NYS36FER6UTWA/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EHZNHNHRLPC2NJKUDS5PJG5AGRYJVJN/ -

26 Oct 2021, 18:57

Type	Values Removed	Values Added
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e - Mailing List, Patch, Vendor Advisory
References	~~(MISC) https://seclists.org/oss-sec/2021/q2/46 -~~	(MISC) https://seclists.org/oss-sec/2021/q2/46 - Exploit, Mailing List, Patch, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.6 v3 : 7.8
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-787

20 Oct 2021, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-10-20 07:15

Updated : 2024-03-24 23:15

NVD link : CVE-2021-42739

Mitre link : CVE-2021-42739

CVE.ORG link : CVE-2021-42739

JSON object : View

Products Affected

fedoraproject

fedora

oracle

communications_cloud_native_core_policy
communications_cloud_native_core_binding_support_function
communications_cloud_native_core_network_exposure_function

starwindsoftware

starwind_virtual_san
starwind_san_\&_nas

debian

debian_linux

linux

linux_kernel

CWE

CWE-787

Out-of-bounds Write

6.7 /10