81 matches found
UBUNTU-CVE-2024-43833
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix NULL pointer dereference in adding ancillary links In v4l2asynccreateancillarylinks, ancillary links are created for lens and flash sub-devices. These are sub-device to sub-device links and if the async...
media: v4l: async: Properly re-initialise notifier entry in unregister
...
SUSE CVE-2024-39485
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Properly re-initialise notifier entry in unregister The notifierentry of a notifier is not re-initialised after unregistering the notifier. This leads to dangling pointers being left there so use listdelinit to...
SUSE CVE-2024-39464
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2asyncnotifier has several listhead members, but only waitinglist and donelist are initialized. notifierentry was kept 'zeroed' leading to an uninitialized listhead. This...
Google Pixel Security Breach
Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel, which stems from a lack of bounds checking in the v4l2smfcqbuf module of smfc-v4l2-ioctls.c, where out-of-bounds writes may exist...
SUSE CVE-2024-35830
In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access...
SUSE CVE-2024-27076
In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2ctrlhandler memory leak Free the memory allocated in v4l2ctrlhandlerinit on release...
UBUNTU-CVE-2024-27078
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpgalloc In tpgalloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleaks because tpgfree is...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a v4l2ctrlhandler memory leak...
PT-2024-28505 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel, where the struct v4l2 async notifier has several list head members, but only waiting list and done list are initialized. The notifier entry is...
DEBIAN-CVE-2021-46943
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix setfmt error handling If there in an error during a setfmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causin...
CVE-2021-46943
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix setfmt error handling If there in an error during a setfmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causin...
UBUNTU-CVE-2023-52459
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix duplicated list deletion The list deletion call dropped here is already called from the helper function in the line before. Having a second listdel call results in either a warning with CONFIGDEBUGLIST=y:...
kernel: media: em28xx: initialize refcount before kref_get
A use-after-free flaw was found in the Linux kernel’s video4linux driver in how a user triggers the em28xxusbprobe for the Empia 28xx-based TV cards. This flaw allows a local user to crash or potentially escalate their privileges on the system...
USN-6340-2 linux-azure-5.4, linux-gcp-5.4, linux-gkeop, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service bluetooth communication. CVE-2023-2002 Zi Fan Tan discovered that the binder IPC...
USN-6007-1 linux-gcp vulnerabilities
It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...
USN-5975-1 linux-azure vulnerabilities
Updated on 2023-04-11: Please note that when USN 5975-1 was originally published, it incorrectly included the linux-gcp kernel for Ubuntu 16.04 ESM. References to that kernel have been removed from this USN and the correct information for it has been published in USN 6007-1. Original advisory...
OESA-2023-1157 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: There is a logic error in iouring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the ioprepasyncwork function the assumption that the last iograbidentity call cann...
USN-5924-1 linux-azure, linux-azure, linux-azure vulnerabilities
It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...
USN-5883-1 linux-hwe vulnerabilities
Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 It was discovered that an out-of-bounds write vulnerability existed i...