CVE-2021-42739 Information

Description

A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
https://bugzilla.redhat.com/show_bug.cgi?id=1951739

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

6.7

Base Severity

HIGH
