
Fedora 25
obsolete weakness #271


Weakness Breakdown


An obsolete weakness occurs when someone uses deprecated or obsolete functions when building a system. As a programming language evolves, some functions occasionally become obsolete.

Warning code(s):

This C routine is considered obsolete.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 25 obsolete weakness.


    avrdude_message(MSG_INFO, "%s: Device is not responding to program enable. Check connection.\n",

    return -1;
}

/*
 * initialize the AVR device and prepare it to accept commands
 */
static int ft245r_initialize(PROGRAMMER * pgm, AVRPART * p) {

    /* Apply power between VCC and GND while RESET and SCK are set to "0". In some systems,
     * the programmer can not guarantee that SCK is held low during power-up. In this
     * case, RESET must be given a positive pulse of at least two CPU clock cycles duration
     * after SCK has been set to "0".
     */
    set_sck(pgm, OFF);

    set_reset(pgm, OFF);
    usleep(5000); // 5ms
    set_reset(pgm, ON);
    usleep(5000); // 5ms
    set_reset(pgm, OFF);

    /* Wait for at least 20 ms and enable serial programming by sending the Programming
     * Enable serial instruction to pin MOSI.
     */
    usleep(20000); // 20ms

    return ft245r_program_enable(pgm, p);
}

static inline int set_data(PROGRAMMER * pgm, unsigned char *buf, unsigned char data) {
    int j;
    int buf_pos = 0;
    unsigned char bit = 0x80;

    for (j=0; j<8; j++) {
        ft245r_out = SET_BITS_0(ft245r_out,pgm,PIN_AVR_MOSI,data & bit);

        ft245r_out = SET_BITS_0(ft245r_out,pgm,PIN_AVR_SCK,0);
        buf[buf_pos] = ft245r_out;

        ft245r_out = SET_BITS_0(ft245r_out,pgm,PIN_AVR_SCK,1); 
