CVE-2021-42739

CWE-787Out-of-bounds WriteCWE-119Buffer Overflow17 documents8 sources
Severity
6.7MEDIUM
EPSS
0.1%
top 70.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Linux Linux KernelDebian Debian LinuxFedoraproject Fedora+5 more
Timeline
PublishedOct 20
Latest updateMay 24

Description

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages7 packages

NVDlinux/linux_kernel5.14.13
Debianlinux< 5.10.84-1+3

Also affects: Debian Linux 9.0, Fedora 33, 34, 35

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

5
GHSA
GHSA-f3hh-px86-x7cx: The firewire subsystem in the Linux kernel through 52022-05-24
OSV
linux-gke, linux-gke-5.4 vulnerabilities2022-02-03
OSV
linux-oem-5.10 vulnerabilities2022-01-05
OSV
CVE-2021-42739: The firewire subsystem in the Linux kernel through 52021-10-20
CVEList
CVE-2021-42739: The firewire subsystem in the Linux kernel through 52021-10-20

📋Vendor Advisories

11
Ubuntu
Linux kernel vulnerabilities2022-04-01
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2022-02-17
Ubuntu
Linux kernel vulnerabilities2022-02-03
Ubuntu
Linux kernel vulnerabilities2022-02-03
Ubuntu
Linux kernel vulnerabilities2022-02-03
CVE-2021-42739 (MEDIUM CVSS 6.7) | The firewire subsystem in the Linux | cvebase.io