CVE-2021-42739
Published on: 10/20/2021 12:00:00 AM UTC
Last Modified on: 11/07/2022 07:04:00 PM UTC
Certain versions of Debian Linux from Debian contain the following vulnerability:
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
- CVE-2021-42739 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.7 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| LOCAL | LOW | HIGH | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 4.6 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| LOCAL | LOW | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | PARTIAL | PARTIAL |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| [SECURITY] [DLA 2941-1] linux-4.19 security update | lists.debian.org text/html |
MLIST [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update |
| [PATCH] media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() - Dan Carpenter | lore.kernel.org text/html |
MISC lore.kernel.org/linux-media/[email protected]/ |
| [SECURITY] Fedora 33 Update: kernel-5.14.17-101.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
FEDORA FEDORA-2021-8364530ebf |
| CVE-2021-42739 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security | security.netapp.com text/html |
CONFIRM security.netapp.com/advisory/ntap-20211118-0001/ |
| [SECURITY] Fedora 35 Update: kernel-5.14.17-301.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
FEDORA FEDORA-2021-fdef34e26f |
| 1951739 – (CVE-2021-42739) CVE-2021-42739 kernel: Heap buffer overflow in firedtv driver | bugzilla.redhat.com text/html |
MISC bugzilla.redhat.com/show_bug.cgi?id=1951739 |
| oss-sec: Linux kernel: a heap buffer overflow in firedtv driver | seclists.org text/html |
MISC seclists.org/oss-sec/2021/q2/46 |
| kernel/git/torvalds/linux.git - Linux kernel source tree | git.kernel.org text/html |
MISC git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e |
| Debian -- Security Information -- DSA-5096-1 linux | www.debian.org Depreciated Link text/html |
DEBIAN DSA-5096 |
| CVE-2021-42739 Linux kernel vulnerability in StarWind products | www.starwindsoftware.com text/html |
MISC www.starwindsoftware.com/security/sw-20220804-0001/ |
| [SECURITY] [DLA 2843-1] linux security update | lists.debian.org text/html |
MLIST [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update |
| Oracle Critical Patch Update Advisory - July 2022 | www.oracle.com text/html |
MISC www.oracle.com/security-alerts/cpujul2022.html |
| [SECURITY] Fedora 34 Update: kernel-5.14.17-201.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
FEDORA FEDORA-2021-7de33b7016 |
Related QID Numbers
- 159588 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-0063)
- 159825 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)
- 160190 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9969)
- 178943 Debian Security Update for linux (DLA 2843-1)
- 179117 Debian Security Update for linux (DSA 5096-1)
- 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
- 180358 Debian Security Update for linux (CVE-2021-42739)
- 198589 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5165-1)
- 198616 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5207-1)
- 198653 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5265-1)
- 198654 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5266-1)
- 198655 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5268-1)
- 198656 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5267-1)
- 198666 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5267-3)
- 239989 Red Hat Update for kernel-rt (RHSA-2022:0065)
- 239997 Red Hat Update for kernel (RHSA-2022:0063)
- 240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
- 240298 Red Hat Update for kernel security (RHSA-2022:1988)
- 257142 CentOS Security Update for kernel (CESA-2022:0063)
- 257144 CentOS Security Update for kernel (CESA-2022:0063)
- 282057 Fedora Security Update for kernel (FEDORA-2021-8364530ebf)
- 282058 Fedora Security Update for kernel (FEDORA-2021-7de33b7016)
- 282160 Fedora Security Update for kernel (FEDORA-2021-fdef34e26f)
- 353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
- 353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
- 353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
- 671219 EulerOS Security Update for kernel (EulerOS-SA-2022-1030)
- 671225 EulerOS Security Update for kernel (EulerOS-SA-2022-1010)
- 671252 EulerOS Security Update for kernel (EulerOS-SA-2022-1171)
- 671282 EulerOS Security Update for kernel (EulerOS-SA-2022-1255)
- 671304 EulerOS Security Update for kernel (EulerOS-SA-2022-1208)
- 671344 EulerOS Security Update for kernel (EulerOS-SA-2022-1271)
- 751336 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1460-1)
- 751342 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3641-1)
- 751346 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3655-1)
- 751349 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1477-1)
- 751353 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3675-1)
- 751381 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3748-1)
- 751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
- 751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
- 751451 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3935-1)
- 751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
- 751687 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (SUSE-SU-2022:0328-1)
- 751688 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (SUSE-SU-2022:0325-1)
- 751689 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (SUSE-SU-2022:0327-1)
- 753087 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 22 for SLE 15) (SUSE-SU-2022:0255-1)
- 753118 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (SUSE-SU-2022:0295-1)
- 753121 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 17 for SLE 15 SP2) (SUSE-SU-2022:0241-1)
- 753155 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 24 for SLE 15) (SUSE-SU-2022:0237-1)
- 753211 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 11 for SLE 15 SP2) (SUSE-SU-2022:0291-1)
- 753257 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 23 for SLE 15) (SUSE-SU-2022:0243-1)
- 753268 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2022:0254-1)
- 753272 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 16 for SLE 12 SP5) (SUSE-SU-2022:0234-1)
- 753292 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2022:0293-1)
- 753329 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 19 for SLE 15 SP2) (SUSE-SU-2022:0238-1)
- 753369 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 13 for SLE 15 SP2) (SUSE-SU-2022:0292-1)
- 753385 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 4 for SLE 15 SP3) (SUSE-SU-2022:0257-1)
- 753393 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 23 for SLE 12 SP5) (SUSE-SU-2022:0246-1)
- 753408 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 15 for SLE 12 SP5) (SUSE-SU-2022:0263-1)
- 753423 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 7 for SLE 15 SP3) (SUSE-SU-2022:0270-1)
- 900425 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6103)
- 901605 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6601-1)
- 905786 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6103-1)
- 940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Application | Oracle | Communications Cloud Native Core Binding Support Function | 22.1.3 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Exposure Function | 22.1.1 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Policy | 22.2.0 | All | All | All |
| Application | Starwindsoftware | Starwind San Nas | v8r12 | All | All | All |
| Application | Starwindsoftware | Starwind Virtual San | v18r13 | 14338 | All | All |
| Application | Starwindsoftware | Starwind Virtual San | v8r13 | 14338 | All | All |
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r12:*:*:*:*:*:*:*:
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v18r13:14338:*:*:*:*:*:*:
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @CVEreport |
CVE-2021-42739 : The firewire subsystem in the #Linux #kernel through 5.14.13 has a buffer overflow related to driv… twitter.com/i/web/status/1… | 2021-10-20 07:04:36 |
| @omokazuki |
SIOSセキュリティブログを更新しました。 Linux Kernelの脆弱性(Medium/Moderate: CVE-2021-42739) #sios_tech #security #vulnerability… twitter.com/i/web/status/1… | 2021-10-21 18:04:00 |