CVE-2021-42739

Sažetak

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1951739
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/
https://seclists.org/oss-sec/2021/q2/46
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.starwindsoftware.com/security/sw-20220804-0001/

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

24-03-2024 - 23:15

Objavljeno

20-10-2021 - 07:15