7.8

CVE-2024-53104

Warnung

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version11.0
LinuxLinux Kernel Version >= 2.6.26 < 4.19.324
LinuxLinux Kernel Version >= 4.20 < 5.4.286
LinuxLinux Kernel Version >= 5.5 < 5.10.230
LinuxLinux Kernel Version >= 5.11 < 5.15.172
LinuxLinux Kernel Version >= 5.16 < 6.1.117
LinuxLinux Kernel Version >= 6.2 < 6.6.61
LinuxLinux Kernel Version >= 6.7 < 6.11.8
LinuxLinux Kernel Version >= 6.12 < 6.12.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login

05.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Linux Kernel Out-of-Bounds Write Vulnerability

Schwachstelle

Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.3% 0.869
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b87cb4f
Patch
https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29
Patch
https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d
Patch
https://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812f692bb5
Patch
https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae
Patch
https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8
Patch
https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6
Patch
https://git.kernel.org/stable/c/ecf2b43018da9579842c774b7f35dbe11b5c38dd
Patch
https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773
Patch
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53104
US Government Resource
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Mailing List
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Mailing List