7.1

CVE-2024-43877

media: pci: ivtv: Add check for DMA map result

In the Linux kernel, the following vulnerability has been resolved:

media: pci: ivtv: Add check for DMA map result

In case DMA fails, 'dma->SG_length' is 0. This value is later used to
access 'dma->SGarray[dma->SG_length - 1]', which will cause out of
bounds access.

Add check to return early on invalid value. Adjust warnings accordingly.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.16 < 6.1.103
LinuxLinux Kernel Version >= 6.2 < 6.6.44
LinuxLinux Kernel Version >= 6.7 < 6.10.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.123
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718
Patch
https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a
Patch
https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9
Patch
https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b
Patch
https://git.kernel.org/stable/c/81d0664bed91a858c7b50c263954b59d65f1b414
https://git.kernel.org/stable/c/38f72c7e7c6b55614f9407555fd5ce9d019b0fa4
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html