The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1951739 | Issue Tracking Mitigation Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e | |
https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/ | |
https://seclists.org/oss-sec/2021/q2/46 | |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
https://www.starwindsoftware.com/security/sw-20220804-0001/ | Third Party Advisory |
History
24 Mar 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. |
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
07 Nov 2022, 19:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338:*:*:*:*:*:* |
25 Oct 2022, 16:43
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | (MISC) https://www.starwindsoftware.com/security/sw-20220804-0001/ - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 - Issue Tracking, Mitigation, Third Party Advisory | |
CPE | cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r12:*:*:*:*:*:*:* cpe:2.3:a:starwindsoftware:starwind_virtual_san:v18r13:14338:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:* |
|
First Time |
Starwindsoftware
Oracle communications Cloud Native Core Binding Support Function Oracle communications Cloud Native Core Policy Oracle communications Cloud Native Core Network Exposure Function Starwindsoftware starwind Virtual San Oracle Starwindsoftware starwind San \& Nas |
11 Oct 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 18:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Apr 2022, 14:12
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ - Patch, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1951739 - Mitigation, Third Party Advisory | |
First Time |
Debian
Debian debian Linux |
|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
01 Apr 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |
References |
|
|
10 Mar 2022, 17:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Nov 2021, 16:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKMQEOEESIO3GMHAOL3NYS36FER6UTWA/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0001/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOWGMZ2MJFUGNA5QSD5JF4QHIC4URATS/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EHZNHNHRLPC2NJKUDS5PJG5AGRYJVJN/ - Mailing List, Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e - Mailing List, Patch, Third Party Advisory, Vendor Advisory | |
CVSS | v2 : v3 : | v2 : 4.6 v3 : 6.7 |
18 Nov 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Nov 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Oct 2021, 18:57
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e - Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://seclists.org/oss-sec/2021/q2/46 - Exploit, Mailing List, Patch, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : 4.6 v3 : 7.8 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CWE | CWE-787 |
20 Oct 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-20 07:15
Updated : 2024-03-24 23:15
NVD link : CVE-2021-42739
Mitre link : CVE-2021-42739
CVE.ORG link : CVE-2021-42739
Products Affected
fedoraproject
- fedora
oracle
- communications_cloud_native_core_policy
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_network_exposure_function
starwindsoftware
- starwind_virtual_san
- starwind_san_\&_nas
debian
- debian_linux
linux
- linux_kernel
CWE
CWE-787
Out-of-bounds Write