CVE-2021-42739

Опубликовано: 20 окт. 2021

Источник: nvd

CVSS3: 6.7

CVSS2: 4.6

EPSS Низкий

Описание

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1951739
Issue Tracking
Mitigation
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/
https://seclists.org/oss-sec/2021/q2/46
https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220804-0001/
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1951739
Issue Tracking
Mitigation
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/
https://seclists.org/oss-sec/2021/q2/46
https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220804-0001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.14.13 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r12:*:*:*:*:*:*:*

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00022

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2021-42739

CVSS3: 6.7

ubuntu

больше 3 лет назад

CVE-2021-42739

CVSS3: 6.7

redhat

около 4 лет назад

CVE-2021-42739

CVSS3: 6.7

msrc

больше 3 лет назад

Описание отсутствует

CVE-2021-42739

CVSS3: 6.7

debian

больше 3 лет назад

The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...

SUSE-SU-2022:0242-1

suse-cvrf

больше 3 лет назад

Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP5)

EPSS

Процентиль: 4%

0.00022

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-787