23 matches found
kernel: media: rc: fix races with imon_disconnect()
A use-after-free flaw exists in the Linux kernel’s media/rc subsystem. When the device is disconnected via imondisconnect, the driver may unconditionally release a usbdevice reference via usbputdev even while other operations such as vfdwrite, sendpacket, displayopen, lcdwrite are still in...
kernel: media: rc: fix races with imon_disconnect()
A use-after-free flaw exists in the Linux kernel’s media/rc subsystem. When the device is disconnected via imondisconnect, the driver may unconditionally release a usbdevice reference via usbputdev even while other operations such as vfdwrite, sendpacket, displayopen, lcdwrite are still in...
CVE-2025-38619 media: ti: j721e-csi2rx: fix list_del corruption
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: fix listdel corruption If ticsi2rxstartdma fails in ticsi2rxdmacallback, the buffer is marked done with VB2BUFSTATEERROR but is not removed from the DMA queue. This causes the same buffer to be retried in...
Linux Distros Unpatched Vulnerability : CVE-2020-36786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: next staging: media: atomisp: fix memory leak of object flash In the case where the...
kernel: media: uvcvideo: Fix double free in error path
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvcstatusinit function fails to allocate the inturb, it will free the dev-status pointer but doesn't reset the pointer to NULL. This results in the kfree call in...
CVE-2022-49982
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvrprobe The error handling code in pvr2hdwcreate forgets to unregister the v4l2 device. When pvr2hdwcreate returns back to pvr2contextcreate, it calls pvr2contextdestroy to destroy context, but...
CVE-2025-23159 media: venus: hfi: add a check to handle OOB in sfr region
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr-bufsize is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to...
The vulnerability of the Linux operating system’s kernel’s media component, which allows a hacker to cause a service failure
The vulnerability of the Linux operating system’s kernel media component is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Linux operating system’s kernel’s media component, which allows a hacker to cause a service failure
The vulnerability of the Linux operating system’s kernel media component is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
Linux Distros Unpatched Vulnerability : CVE-2024-57834
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: vidtv: Fix a null-ptr-deref in vidtvmuxstopthread syzbot report a null-ptr-deref in vidtvmuxstopthread. 1 If dvb-mux is not initialized successfully by...
Linux Distros Unpatched Vulnerability : CVE-2024-43900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: xc2028: avoid use-after-free in loadfirmwarecb syzkaller reported use-after-free in loadfirmwarecb 1. The reason is because the module allocated a struct...
CVE-2024-58003
CVE-2024-58003 affects the Linux kernel: the media i2c ds90ub9x3 driver family (ub913/ub953) could trigger a memory corruption/crash due to repeated removal calls. The root cause is a leftover call to fwnode_handle_put(priv->sd.fwnode) that was not removed when sd.fwnode handling changed in a ...
CVE-2022-49527
In CVE-2022-49527, the Linux kernel media/venus/hfi path was fixed to avoid a null-dereference during deinitialization. If venus_probe fails at pm_runtime_put_sync, the error path previously called hfi_destroy (which sets core->ops to NULL) and then attempted hfi_core_deinit, which would deref...
Vulnerabilities of Linux operating system’s kernel media components, allowing attackers to cause service failures
The vulnerability of the Linux operating system’s kernel media component is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-43877
In the Linux kernel, the following vulnerability has been resolved: media: pci: ivtv: Add check for DMA map result In case DMA fails, 'dma-SGlength' is 0. This value is later used to access 'dma-SGarraydma-SGlength - 1', which will cause out of bounds access. Add check to return early on invalid...
CVE-2024-42313
CVE-2024-42313 affects the Linux kernel’s media: venus path, specifically a use-after-free in vdec_close() when the firmware queues a buffer-release work via HFI callbacks during decoding. The issue can occur if the decoder device is closed from userspace during normal decoding, potentially leadi...
kernel: media: bttv: fix use after free error due to btv->timeout timer
In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv-timeout timer There may be some a race condition between timer function bttvirqtimeout and bttvremove. The timer is setup in probe and there is no timerdelete operation in remove...
CVE-2021-47288
In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngenecommandconfigfreebuf Fix an 11-year old bug in ngenecommandconfigfreebuf while addressing the following warnings caught with -Warray-bounds: arch/alpha/include/asm/string.h:22:16:...
CVE-2021-46943
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix setfmt error handling If there in an error during a setfmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causin...
CVE-2021-46943
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix setfmt error handling If there in an error during a setfmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causin...