CVE-2021-42739

moderate-risk

Published 2021-10-20

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (10)

Linux Kernel

Fedora

Debian Linux

Starwind San \& Nas

Starwind Virtual San

Communications Cloud Native Core Binding Support Function

Communications Cloud Native Core Network Exposure Function

Communications Cloud Native Core Policy

Affected Vendors

Debian Linux Oracle Fedoraproject Starwindsoftware

References (12)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1951739

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35...

https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/

https://seclists.org/oss-sec/2021/q2/46

Patch https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory https://www.starwindsoftware.com/security/sw-20220804-0001/

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1951739

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35...

https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/

https://seclists.org/oss-sec/2021/q2/46

Patch https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory https://www.starwindsoftware.com/security/sw-20220804-0001/

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 16/34 · Moderate