ACK: [SRU][N][PATCH 0/1] CVE-2024-53104
Jose Ogando
jose.ogando at canonical.com
Mon Feb 10 19:33:47 UTC 2025
Looks good to me.
Acked-by: Jose Ogando <jose.ogando at canonical.com>
On Mon, 2025-02-10 at 18:42 +0100, Massimiliano Pellizzer wrote:
> [Impact]
>
> media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
> uvc_parse_format
>
> This can lead to out of bounds writes since frames of this type were
> not
> taken into account when calculating the size of the frames buffer in
> uvc_parse_streaming.
>
> [Fix]
>
> Oracular: Fixed via upstream stable updates (LP: #2091645)
> Noble: Cherry picked from mainline
> Jammy: Fixed via upstream stable updates (LP: #2089533)
> Focal: Fixed via upstream stable updates (LP: #2089558)
>
> [Test case]
>
> Compile tested only.
>
> [Where problems could occur]
>
> The fix affects the USB Video Class subsystem. An issue with this fix
> may lead to incorrect handling of video streaming for UVC devices. A
> user might experience problems such as webcams failing to initialize
> correctly, interruptions in video streaming, or incorrect handling of
> video frame formats.
>
> Benoit Sevens (1):
> media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
> uvc_parse_format
>
> drivers/media/usb/uvc/uvc_driver.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --
> 2.43.0
>
>
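A simplified model of the count/parse mismatch described under [Impact], added here as an illustration; it is not the kernel's code and not part of the patch. The function names and byte arrays are constructed for the example: the sizing pass reserves slots only for known frame subtypes, while the parsing pass matches on whatever frame type it is handed.

```c
#include <stddef.h>
#include <stdint.h>

/* Descriptor type and subtype values as defined in the Linux USB/UVC headers. */
#define USB_DT_CS_INTERFACE        0x24
#define UVC_VS_UNDEFINED           0x00
#define UVC_VS_FRAME_UNCOMPRESSED  0x05
#define UVC_VS_FRAME_MJPEG         0x07

/* Length of the descriptor at p, or 0 if bLength is malformed or truncated. */
static size_t desc_len(const uint8_t *p, size_t left)
{
    return (left < 3 || p[0] < 3 || p[0] > left) ? 0 : p[0];
}

/* Sizing pass (model): only known frame subtypes reserve a buffer slot. */
size_t count_frame_slots(const uint8_t *buf, size_t len)
{
    size_t n = 0, step;
    while ((step = desc_len(buf, len)) != 0) {
        if (buf[1] == USB_DT_CS_INTERFACE &&
            (buf[2] == UVC_VS_FRAME_UNCOMPRESSED || buf[2] == UVC_VS_FRAME_MJPEG))
            n++;
        buf += step; len -= step;
    }
    return n;
}

/* Parsing pass (model): consumes consecutive descriptors whose subtype equals
 * ftype and returns how many slots it would fill. skip_undefined = 1 models
 * the guard named in the patch title. */
size_t frames_consumed(const uint8_t *buf, size_t len, uint8_t ftype, int skip_undefined)
{
    size_t n = 0, step;
    if (skip_undefined && ftype == UVC_VS_UNDEFINED)
        return 0;
    while ((step = desc_len(buf, len)) != 0 &&
           buf[1] == USB_DT_CS_INTERFACE && buf[2] == ftype) {
        n++;
        buf += step; len -= step;
    }
    return n;
}

/* Constructed sample: two class-specific descriptors with subtype 0x00. */
const uint8_t sample_undefined[] = { 0x03, 0x24, 0x00, 0x03, 0x24, 0x00 };
/* Constructed sample: two MJPEG frame descriptors (headers only). */
const uint8_t sample_mjpeg[] = { 0x03, 0x24, 0x07, 0x03, 0x24, 0x07 };
```

The invariant to check when reviewing or backporting the fix is that `frames_consumed` never exceeds `count_frame_slots` for the same buffer.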