gsd-2021-42739
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2021-42739",
    "description": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.",
    "id": "GSD-2021-42739",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-42739.html",
      "https://www.debian.org/security/2022/dsa-5096",
      "https://access.redhat.com/errata/RHSA-2022:0065",
      "https://access.redhat.com/errata/RHSA-2022:0063",
      "https://ubuntu.com/security/CVE-2021-42739",
      "https://advisories.mageia.org/CVE-2021-42739.html",
      "https://security.archlinux.org/CVE-2021-42739",
      "https://linux.oracle.com/cve/CVE-2021-42739.html",
      "https://access.redhat.com/errata/RHSA-2022:1975",
      "https://access.redhat.com/errata/RHSA-2022:1988"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-42739"
      ],
      "details": "A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
      "id": "GSD-2021-42739",
      "modified": "2023-12-13T01:23:06.581150Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-42739",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/",
            "refsource": "MISC",
            "url": "https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/"
          },
          {
            "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e",
            "refsource": "MISC",
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e"
          },
          {
            "name": "https://seclists.org/oss-sec/2021/q2/46",
            "refsource": "MISC",
            "url": "https://seclists.org/oss-sec/2021/q2/46"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1951739",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951739"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "name": "https://www.starwindsoftware.com/security/sw-20220804-0001/",
            "refsource": "MISC",
            "url": "https://www.starwindsoftware.com/security/sw-20220804-0001/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C8919DDD-6C51-4A2E-8CAB-09145C28945E",
                    "versionEndIncluding": "5.14.13",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:starwindsoftware:starwind_san_\\\u0026_nas:v8r12:*:*:*:*:*:*:*",
                    "matchCriteriaId": "45D7C2A6-CA6B-44DB-818D-BC2BE89E93D6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338:*:*:*:*:*:*",
                    "matchCriteriaId": "69561727-6405-4EAF-905E-6D5C9761E6EB",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9955F62A-75D3-4347-9AD3-5947FC365838",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7A6D77C7-A2F4-4700-AB5A-3EC853496ECA",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking."
          },
          {
            "lang": "es",
            "value": "Se ha encontrado un fallo de desbordamiento de b\u00fafer basado en la pila en el controlador de la tarjeta multimedia FireDTV del kernel de Linux, donde el usuario llama al ioctl CA_SEND_MSG. Este fallo permite a un usuario local de la m\u00e1quina anfitriona bloquear el sistema o escalar privilegios en el sistema. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, la integridad y la disponibilidad del sistema"
          }
        ],
        "id": "CVE-2021-42739",
        "lastModified": "2024-03-24T23:15:08.387",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 0.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2021-10-20T07:15:09.140",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking",
              "Mitigation",
              "Third Party Advisory"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951739"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://seclists.org/oss-sec/2021/q2/46"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.starwindsoftware.com/security/sw-20220804-0001/"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-787"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.