media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()

...

PT-2025-42784

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained an issue in the uvcvideo driver related to handling of Universal Video Class UVC entities. Specifically, the driver did not properly mark invalid entities with...

CVE-2024-58079

CVE-2024-58079 : In the Linux kernel, a bug in media: uvcvideo could crash on unbind if a GPIO unit is in use. The root cause was using the wrong device for device-managed cleanup (usb device instead of the interface device), which could leave IRQs enabled and lead to an access to freed memory on...

CVE-2024-58079 media: uvcvideo: Fix crash during unbind if gpio unit is in use

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix crash during unbind if gpio unit is in use We used the wrong device for the device managed functions. We used the usb device, when we should be using the interface device. If we unbind the driver from the usb...

CVE-2024-58079 media: uvcvideo: Fix crash during unbind if gpio unit is in use

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix crash during unbind if gpio unit is in use We used the wrong device for the device managed functions. We used the usb device, when we should be using the interface device. If we unbind the driver from the usb...

CVE-2024-58002

CVE-2024-58002 — Linux kernel vulnerability (as reported in Astra Linux bulletin): In media: uvcvideo, an async control writes a pointer to the file handle that started an operation. If the user closes the file descriptor before the device completes, that structure is freed and a dangling pointer...

CVE-2024-57980 media: uvcvideo: Fix double free in error path

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvcstatusinit function fails to allocate the inturb, it will free the dev-status pointer but doesn't reset the pointer to NULL. This results in the kfree call in...

kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacke...

The vulnerability of the uvcvideo component in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the uvcvideo component in the Linux operating system’s kernel is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

CVE-2023-52565 media: uvcvideo: Fix OOB read

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do an out of bound read...

CVE-2008-3496

Buffer overflow in format descriptor parsing in the uvcparseformat function in drivers/media/video/uvc/uvcdriver.c in uvcvideo in the video4linux V4L implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors...

Buffer overflow

Buffer overflow in format descriptor parsing in the uvcparseformat function in drivers/media/video/uvc/uvcdriver.c in uvcvideo in the video4linux V4L implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors...