cbcvebase.
CVE-2021-42739
published 2021-10-20

CVE-2021-42739: The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and…

PriorityP428medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.44%
35.4th percentile
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.

Affected

22 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debianlinux< linux 5.14.16-1 (bookworm)linux 5.14.16-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
fedoraprojectfedora
linuxlinux_kernel<= 5.14.13
linuxlinux_kernel>= 0 < 5.10.84-15.10.84-1
linuxlinux_kernel>= 0 < 5.14.16-15.14.16-1
linuxlinux_kernel>= 0 < 5.14.16-15.14.16-1
linuxlinux_kernel>= 0 < 5.14.16-15.14.16-1
linuxlinux_kernel>= 0 < 4.15.0-167.1754.15.0-167.175
linuxlinux_kernel>= 0 < 5.4.0-97.1105.4.0-97.110
linuxlinux_kernel>= 0 < 5.4.0-99.1125.4.0-99.112
linuxlinux_kernel>= 0 < 4.4.0-223.2564.4.0-223.256
msrccbl2_kernel_5.10.78.1-1_on_cbl_mariner_2.0
msrccm1_kernel_5.10.78.1-1_on_cbl_mariner_1.0
oraclecommunications_cloud_native_core_binding_support_function
oraclecommunications_cloud_native_core_network_exposure_function
oraclecommunications_cloud_native_core_policy
paloaltopan-os
starwindsoftwarestarwind_san_nas
starwindsoftwarestarwind_virtual_san

CVSS provenance

nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_ubuntu7.8HIGH
vendor_debian6.7MEDIUM
vendor_msrc6.7MEDIUM
vendor_redhat6.7MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.