CVE-2021-42739
published 2021-10-20CVE-2021-42739: The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and…
PriorityP428medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.44%
35.4th percentile
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 5.14.16-1 (bookworm) | linux 5.14.16-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| linux | linux_kernel | <= 5.14.13 | — |
| linux | linux_kernel | >= 0 < 5.10.84-1 | 5.10.84-1 |
| linux | linux_kernel | >= 0 < 5.14.16-1 | 5.14.16-1 |
| linux | linux_kernel | >= 0 < 5.14.16-1 | 5.14.16-1 |
| linux | linux_kernel | >= 0 < 5.14.16-1 | 5.14.16-1 |
| linux | linux_kernel | >= 0 < 4.15.0-167.175 | 4.15.0-167.175 |
| linux | linux_kernel | >= 0 < 5.4.0-97.110 | 5.4.0-97.110 |
| linux | linux_kernel | >= 0 < 5.4.0-99.112 | 5.4.0-99.112 |
| linux | linux_kernel | >= 0 < 4.4.0-223.256 | 4.4.0-223.256 |
| msrc | cbl2_kernel_5.10.78.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_kernel_5.10.78.1-1_on_cbl_mariner_1.0 | — | — |
| oracle | communications_cloud_native_core_binding_support_function | — | — |
| oracle | communications_cloud_native_core_network_exposure_function | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
| paloalto | pan-os | — | — |
| starwindsoftware | starwind_san_nas | — | — |
| starwindsoftware | starwind_virtual_san | — | — |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_ubuntu7.8HIGH
vendor_debian6.7MEDIUM
vendor_msrc6.7MEDIUM
vendor_redhat6.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f3hh-px86-x7cx: The firewire subsystem in the Linux kernel through 5
ghsa_unreviewed·2022-05-24
CVE-2021-42739 [HIGH] CWE-787 GHSA-f3hh-px86-x7cx: The firewire subsystem in the Linux kernel through 5
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2022-04-01·CVSS 5.3
CVE-2020-12888 [MEDIUM] linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
It was discovered that the VFIO PCI driver in the Linux kernel did not
properly handle attempts to access disabled memory spaces. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2020-12888)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did
not properly verify certain fragmented frames. A physically proximate
attacker could possibly use this issue to inject or decrypt packets.
(CVE-2020-26141)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
accepted plaintext fragments in certain situations. A physically proximate
attacker could use this issue to inject packets. (CVE-2020-26145)
It was discovered that a race condition existed in the Atheros Ath9k Wi
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities
osv·2022-02-17·CVSS 7.0
CVE-2021-3640 [HIGH] linux-raspi, linux-raspi-5.4 vulnerabilities
linux-raspi, linux-raspi-5.4 vulnerabilities
USN-5267-1 fixed vulnerabilities in the Linux kernel. This update
provides the corresponding updates for the Linux kernel for Raspberry
Pi devices.
Original advisory details:
It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-3752)
Luo Likang discovered that the FireDTV Firewire driver in the Linux
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linu
osv·2022-02-11·CVSS 7.0
[HIGH] linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linu
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4 regression
USN-5267-1 fixed vulnerabilities in the Linux kernel. Unfortunately,
that update introduced a regression that caused the kernel to freeze
when accessing CIFS shares in some situations. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)
Likang Luo discovered that a race condition existed in
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
osv·2022-02-03·CVSS 7.4
CVE-2021-20322 [HIGH] linux, linux-aws, linux-aws-hwe, linux-azure, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-azure, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Keyu Man discovered that the ICMP implementation in the Linux kernel did
not properly handle received ICMP error packets. A remote attacker could
use this to facilitate attacks on UDP based services that depend on source
port randomization. (CVE-2021-20322)
It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vu
OSV
linux, linux-aws, linux-aws-5.11, linux-aws-5.13, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.13, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux-raspi vulnerabilities
osv·2022-02-03·CVSS 4.7
CVE-2020-27820 [MEDIUM] linux, linux-aws, linux-aws-5.11, linux-aws-5.13, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.13, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux-raspi vulnerabilities
linux, linux-aws, linux-aws-5.11, linux-aws-5.13, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.13, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux-raspi vulnerabilities
Jeremy Cline discovered a use-after-free in the nouveau graphics driver of
the Linux kernel during device removal. A privileged or physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2020-27820)
It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-
osv·2022-02-03·CVSS 7.0
CVE-2021-3640 [HIGH] linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities
It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-3752)
Luo Likang discovered that the FireDTV Firewire driver in the Linux k
OSV
linux-gke, linux-gke-5.4 vulnerabilities
osv·2022-02-03·CVSS 7.0
CVE-2021-22600 [HIGH] linux-gke, linux-gke-5.4 vulnerabilities
linux-gke, linux-gke-5.4 vulnerabilities
It was discovered that the Packet network protocol implementation in the
Linux kernel contained a double-free vulnerability. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2021-22600)
Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel
did not properly perform bounds checking in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-42739)
OSV
linux-oem-5.10 vulnerabilities
osv·2022-01-05·CVSS 4.1
CVE-2021-4002 [MEDIUM] linux-oem-5.10 vulnerabilities
linux-oem-5.10 vulnerabilities
Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages. (CVE-2021-4002)
It was discovered that the eBPF implementation in the Linux kernel
contained a race condition around read-only maps. A privileged attacker
could use this to modify read-only maps. (CVE-2021-4001)
Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel
did not properly perform bounds checking in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-42739)
It was discovered that the TIPC Protocol implementation in the L
OSV
linux-oem-5.14 vulnerabilities
osv·2021-11-30·CVSS 7.8
CVE-2021-3760 [HIGH] linux-oem-5.14 vulnerabilities
linux-oem-5.14 vulnerabilities
It was discovered that the NFC subsystem in the Linux kernel contained a
use-after-free vulnerability in its NFC Controller Interface (NCI)
implementation. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2021-3760)
It was discovered that the SCTP protocol implementation in the Linux kernel
did not properly verify VTAGs in some situations. A remote attacker could
possibly use this to cause a denial of service (connection disassociation).
(CVE-2021-3772)
It was discovered that the AMD Radeon GPU driver in the Linux kernel did
not properly validate writes in the debugfs file system. A privileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary
OSV
CVE-2021-42739: The firewire subsystem in the Linux kernel through 5
osv·2021-10-20·CVSS 6.7
CVE-2021-42739 [MEDIUM] CVE-2021-42739: The firewire subsystem in the Linux kernel through 5
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-02-14·CVSS 9.8
CVE-2017-18342 [CRITICAL] PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2017-18342, CVE-2017-8923, CVE-2017-9120, CVE-2019-1551, CVE-2019-16865, CVE-2019-16905, CVE-2019-19523, CVE-2019-19528, CVE-2019-19911, CVE-2020-0404, CVE-2020-0431, CVE-2020-0466, CVE-2020-10379, CVE-2020-11538, CVE-2020-11608, CVE-2020-12114, CVE-2020-12321, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13757, CVE-2020-14314, CVE-2020-14351, CVE-2020-15778, CVE-2020-1967, CVE-2020-24394, CVE-2020-24504, CVE-2020-25211, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25717, CVE-2020-26541, CVE-2020-2715
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-04-01·CVSS 5.3
CVE-2021-42739 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the VFIO PCI driver in the Linux kernel did not
properly handle attempts to access disabled memory spaces. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2020-12888)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did
not properly verify certain fragmented frames. A physically proximate
attacker could possibly use this issue to inject or decrypt packets.
(CVE-2020-26141)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
accepted plaintext fragments in certain situations. A physically proximate
attacker could use this issue to inject packets. (CVE-2020-26145)
It was discovered that a race c
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2022-02-17·CVSS 7.0
CVE-2021-3640 [HIGH] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-5267-1 fixed vulnerabilities in the Linux kernel. This update
provides the corresponding updates for the Linux kernel for Raspberry
Pi devices.
Original advisory details:
It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-37
Ubuntu
Linux kernel regression
vendor_ubuntu·2022-02-11·CVSS 7.0
[HIGH] Linux kernel regression
Title: Linux kernel regression
Summary: Several security issues were fixed in the Linux kernel.
USN-5267-1 fixed vulnerabilities in the Linux kernel. Unfortunately,
that update introduced a regression that caused the kernel to freeze
when accessing CIFS shares in some situations. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to caus
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-02-03·CVSS 7.0
CVE-2021-3752 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-3752)
Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel
did not properly perform bounds checking in some situations. A local
attacker could use this to cause a denial o
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-02-03·CVSS 7.4
CVE-2021-3752 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Keyu Man discovered that the ICMP implementation in the Linux kernel did
not properly handle received ICMP error packets. A remote attacker could
use this to facilitate attacks on UDP based services that depend on source
port randomization. (CVE-2021-20322)
It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of serv
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-02-03·CVSS 4.7
CVE-2021-4001 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jeremy Cline discovered a use-after-free in the nouveau graphics driver of
the Linux kernel during device removal. A privileged or physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2020-27820)
It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
o
Ubuntu
Linux kernel (GKE) vulnerabilities
vendor_ubuntu·2022-02-03·CVSS 6.6
CVE-2021-22600 [MEDIUM] Linux kernel (GKE) vulnerabilities
Title: Linux kernel (GKE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Packet network protocol implementation in the
Linux kernel contained a double-free vulnerability. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2021-22600)
Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel
did not properly perform bounds checking in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-42739)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel u
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2022-01-05·CVSS 4.1
CVE-2021-42739 [MEDIUM] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages. (CVE-2021-4002)
It was discovered that the eBPF implementation in the Linux kernel
contained a race condition around read-only maps. A privileged attacker
could use this to modify read-only maps. (CVE-2021-4001)
Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel
did not properly perform bounds checking in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2021-11-30·CVSS 7.8
CVE-2021-3772 [HIGH] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the NFC subsystem in the Linux kernel contained a
use-after-free vulnerability in its NFC Controller Interface (NCI)
implementation. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2021-3760)
It was discovered that the SCTP protocol implementation in the Linux kernel
did not properly verify VTAGs in some situations. A remote attacker could
possibly use this to cause a denial of service (connection disassociation).
(CVE-2021-3772)
It was discovered that the AMD Radeon GPU driver in the Linux kernel did
not properly validate writes in the debugfs file system. A privileged
attacker could use t
Microsoft
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c because avc_ca_pmt mishandles b
vendor_msrc·2021-10-12·CVSS 6.7
CVE-2021-42739 [MEDIUM] CWE-787 The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c because avc_ca_pmt mishandles b
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c because avc_ca_pmt mishandles bounds checking.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we
Red Hat
kernel: Heap buffer overflow in firedtv driver
vendor_redhat·2021-04-20·CVSS 6.7
CVE-2021-42739 [MEDIUM] CWE-119 kernel: Heap buffer overflow in firedtv driver
kernel: Heap buffer overflow in firedtv driver
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Mitigation: To mitigate this issue, prevent the module firedtv from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel m
Debian
CVE-2021-42739: linux - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow...
vendor_debian·2021·CVSS 6.7
CVE-2021-42739 [MEDIUM] CVE-2021-42739: linux - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow...
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
Scope: local
bookworm: resolved (fixed in 5.14.16-1)
bullseye: resolved (fixed in 5.10.84-1)
forky: resolved (fixed in 5.14.16-1)
sid: resolved (fixed in 5.14.16-1)
trixie: resolved (fixed in 5.14.16-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=1951739https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4ehttps://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/https://seclists.org/oss-sec/2021/q2/46https://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.starwindsoftware.com/security/sw-20220804-0001/https://bugzilla.redhat.com/show_bug.cgi?id=1951739https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4ehttps://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/https://seclists.org/oss-sec/2021/q2/46https://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.starwindsoftware.com/security/sw-20220804-0001/
2021-10-20
Published