[SRU][F/J][PATCH 0/1] CVE-2024-43900
Jacob Martin
jacob.martin at canonical.com
Wed Jan 15 15:11:28 UTC 2025

[Impact]

A race condition exists in the xc2028 tuner driver between device removal and
the firmware loading callback, resulting in a use-after-free vulnerability with
the frontend pointer. This is resolved with an extra check in the firmware
loading callback to return early if the frontend pointer is no longer valid.

[Fix]

Oracular: Not affected
Noble: Fix released
Jammy: Clean cherry pick from mainline
Focal: Clean cherry pick from mainline
Bionic: Patch sent to ESM list
Xenial: Patch sent to ESM list
Trusty: Patch sent to ESM list

[Test Case]

Compile tested.

[Where problems could occur]

This change is isolated to the xc2028 tuner driver. Issues with this patch
could result in the driver misbehaving or failing to load firmware.

Chi Zhiling (1):
  media: xc2028: avoid use-after-free in load_firmware_cb()

 drivers/media/tuners/tuner-xc2028.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

--
2.43.0