CVE-2021-42739: Buffer Overflow
First published: Tue Apr 20 2021(Updated: )
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <3.10.0 | 3.10.0 |
| Linux Linux kernel | <=5.14.13 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Debian Debian Linux | =9.0 | |
| Starwindsoftware Starwind San \& Nas | =v8r12 | |
| Starwindsoftware Starwind Virtual San | =v8r13-14338 | |
| Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
| Oracle Communications Cloud Native Core Network Exposure Function | =22.1.1 | |
| Oracle Communications Cloud Native Core Policy | =22.2.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://seclists.org/oss-sec/2021/q2/46
- https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
- https://access.redhat.com/solutions/41278
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1965287
- https://access.redhat.com/errata/RHSA-2022:0063
- https://access.redhat.com/errata/RHSA-2022:0065
- https://access.redhat.com/errata/RHSA-2022:1975
- https://access.redhat.com/errata/RHSA-2022:1988
- https://bugzilla.redhat.com/show_bug.cgi?id=1951739
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.starwindsoftware.com/security/sw-20220804-0001/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
- https://launchpad.net/bugs/cve/CVE-2021-42739
- https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42739
- https://nvd.nist.gov/vuln/detail/CVE-2021-42739
- https://security-tracker.debian.org/tracker/CVE-2021-42739
- https://ubuntu.com/security/CVE-2021-42739
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-42739
- agent/software-canonical-lookup
- agent/author
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/tags
- agent/description
- agent/softwarecombine
- agent/event
- agent/trending
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.14.13
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/starwindsoftware
- canonical/starwindsoftware starwind san \& nas
- version/starwindsoftware starwind san \& nas/v8r12
- canonical/starwindsoftware starwind virtual san
- version/starwindsoftware starwind virtual san/v8r13-14338
- vendor/oracle
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/22.1.3
- canonical/oracle communications cloud native core network exposure function
- version/oracle communications cloud native core network exposure function/22.1.1
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/22.2.0
- package-manager/debian