CVE-2021-42739

EPSS 0.11%
Veröffentlicht 20.10.2021 07:15:09
Zuletzt bearbeitet 21.11.2024 06:28:04
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

NVD 10 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 5.14.13

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Debian ≫ Debian Linux Version9.0

Starwindsoftware ≫ Starwind San & Nas Versionv8r12

Starwindsoftware ≫ Starwind Virtual San Versionv8r13 Update14338

Oracle ≫ Communications Cloud Native Core Binding Support Function Version22.1.3

Oracle ≫ Communications Cloud Native Core Network Exposure Function Version22.1.1

Oracle ≫ Communications Cloud Native Core Policy Version22.2.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.294

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com/security-alerts/cpujul2022.html

Patch

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1951739

Third Party Advisory

Issue Tracking

Mitigation

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e

https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/

https://seclists.org/oss-sec/2021/q2/46

https://www.starwindsoftware.com/security/sw-20220804-0001/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-42739

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-42739

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-42739

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-42739