CVE-2021-42739

{"id": "CVE-2021-42739", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2021-10-20T07:15:09.140", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951739", "tags": ["Issue Tracking", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e", "source": "cve@mitre.org"}, {"url": "https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/", "source": "cve@mitre.org"}, {"url": "https://seclists.org/oss-sec/2021/q2/46", "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.starwindsoftware.com/security/sw-20220804-0001/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951739", "tags": ["Issue Tracking", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/oss-sec/2021/q2/46", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.starwindsoftware.com/security/sw-20220804-0001/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking."}, {"lang": "es", "value": "Se ha encontrado un fallo de desbordamiento de b\u00fafer basado en la pila en el controlador de la tarjeta multimedia FireDTV del kernel de Linux, donde el usuario llama al ioctl CA_SEND_MSG. Este fallo permite a un usuario local de la m\u00e1quina anfitriona bloquear el sistema o escalar privilegios en el sistema. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, la integridad y la disponibilidad del sistema"}], "lastModified": "2024-11-21T06:28:04.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8919DDD-6C51-4A2E-8CAB-09145C28945E", "versionEndIncluding": "5.14.13"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:starwindsoftware:starwind_san_\\&_nas:v8r12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45D7C2A6-CA6B-44DB-818D-BC2BE89E93D6"}, {"criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14338:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69561727-6405-4EAF-905E-6D5C9761E6EB"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9955F62A-75D3-4347-9AD3-5947FC365838"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A6D77C7-A2F4-4700-AB5A-3EC853496ECA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}