CVE-2021-42739: Buffer Overflow
First published: Tue Apr 20 2021(Updated: )
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <3.10.0 | 3.10.0 |
| Linux Kernel | <=5.14.13 | |
| Fedora | =33 | |
| Fedora | =34 | |
| Fedora | =35 | |
| Debian | =9.0 | |
| StarWind SAN & NAS | =v8r12 | |
| StarWind Virtual SAN | =v8r13-14338 | |
| Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
| Oracle Communications Cloud Native Core Network Exposure Function | =22.1.1 | |
| Oracle Communications Cloud Native Core Policy | =22.2.0 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://seclists.org/oss-sec/2021/q2/46
- https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
- https://access.redhat.com/solutions/41278
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1965287
- https://access.redhat.com/errata/RHSA-2022:0063
- https://access.redhat.com/errata/RHSA-2022:0065
- https://access.redhat.com/errata/RHSA-2022:1975
- https://access.redhat.com/errata/RHSA-2022:1988
- https://bugzilla.redhat.com/show_bug.cgi?id=1951739
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.starwindsoftware.com/security/sw-20220804-0001/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
- https://launchpad.net/bugs/cve/CVE-2021-42739
- https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42739
- https://nvd.nist.gov/vuln/detail/CVE-2021-42739
- https://security-tracker.debian.org/tracker/CVE-2021-42739
- https://ubuntu.com/security/CVE-2021-42739
Frequently Asked Questions
What is the severity of CVE-2021-42739?
CVE-2021-42739 has a high severity rating due to its potential to enable privilege escalation and system crashes.
How do I fix CVE-2021-42739?
To mitigate CVE-2021-42739, you should update to the fixed versions of the Linux kernel, specifically 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.128-1, 6.12.12-1, or 6.12.13-1.
Which systems are affected by CVE-2021-42739?
CVE-2021-42739 affects various distributions of the Linux kernel, specifically versions up to 5.14.13 and kernel packages from Red Hat and Debian.
Can CVE-2021-42739 be exploited remotely?
CVE-2021-42739 is a local vulnerability, meaning that exploitation requires a local user to have access to the host system.
What are the consequences of exploiting CVE-2021-42739?
Exploiting CVE-2021-42739 may lead to privilege escalation, allowing an attacker to gain elevated permissions and potentially take control of the system.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-42739
- agent/software-canonical-lookup
- agent/author
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/trending
- agent/source
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.14.13
- vendor/fedoraproject
- canonical/fedora
- version/fedora/33
- version/fedora/34
- version/fedora/35
- vendor/debian
- canonical/debian
- version/debian/9.0
- vendor/starwindsoftware
- canonical/starwind san & nas
- version/starwind san & nas/v8r12
- canonical/starwind virtual san
- version/starwind virtual san/v8r13-14338
- vendor/oracle
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/22.1.3
- canonical/oracle communications cloud native core network exposure function
- version/oracle communications cloud native core network exposure function/22.1.1
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/22.2.0
- package-manager/debian