[SRU][N][PATCH 0/1] CVE-2024-53104
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Mon Feb 10 17:42:02 UTC 2025
[Impact]
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.
[Fix]
Oracular: Fixed via upstream stable updates (LP: #2091645)
Noble: Cherry picked from mainline
Jammy: Fixed via upstream stable updates (LP: #2089533)
Focal: Fixed via upstream stable updates (LP: #2089558)
[Test case]
Compile tested only.
[Where problems could occur]
The fix affects the USB Video Class subsystem. An issue with this fix
may lead to incorrect handling of video streaming for UVC devices. A
user might experience probelms such as webcams failing to initialize
correctly, interruptions in video streaming, or incorrect handling of
video frame formats.
Benoit Sevens (1):
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
uvc_parse_format
drivers/media/usb/uvc/uvc_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.43.0
More information about the kernel-team
mailing list