Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[fips-8-legacy] media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format #122

Merged
merged 1 commit into from
Feb 13, 2025
Merged

[fips-8-legacy] media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format #122

merged 1 commit into from
Feb 13, 2025

Conversation

bmastbergen
Copy link
Collaborator

jira VULN-9671
cve CVE-2024-53104

commit-author Benoit Sevens <bsevens@google.com>
commit ecf2b43018da9579842c774b7f35dbe11b5c38dd

This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

Fixes: c0efd232929c ("V4L/DVB (8145a): USB Video Class driver")
	Signed-off-by: Benoit Sevens <bsevens@google.com>
	Cc: stable@vger.kernel.org
	Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
	Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
(cherry picked from commit ecf2b43018da9579842c774b7f35dbe11b5c38dd)
	Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>

Same as #111

build.log

kselftests were run before and after:
selftest-before.log
selftest-after.log

brett@lycia ~/ciq/vuln-9671 % grep ^ok selftest-before.log | wc -l
192
brett@lycia ~/ciq/vuln-9671 % grep ^ok selftest-after.log | wc -l
215
brett@lycia ~/ciq/vuln-9671 %

@bmastbergen
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_…
40d30a1 
…parse_format

jira VULN-9671
cve CVE-2024-53104
commit-author Benoit Sevens <bsevens@google.com>
commit ecf2b43

This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.

Fixes: c0efd23 ("V4L/DVB (8145a): USB Video Class driver")
	Signed-off-by: Benoit Sevens <bsevens@google.com>
	Cc: stable@vger.kernel.org
	Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
	Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
(cherry picked from commit ecf2b43)
	Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
gvrose8192
gvrose8192 approved these changes Feb 12, 2025
View reviewed changes
Copy link

@gvrose8192 gvrose8192 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - Thanks!

PlaidCat
PlaidCat approved these changes Feb 12, 2025
View reviewed changes
Copy link
Collaborator

@PlaidCat PlaidCat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@bmastbergen bmastbergen merged commit f1a4a32 into fips-legacy-8-compliant/4.18.0-425.13.1 Feb 13, 2025
1 check passed
@bmastbergen bmastbergen deleted the bmastbergen_fips-legacy-8-compliant/4.18.0-425.13.1/VULN-9671 branch February 13, 2025 13:47
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@gvrose8192 gvrose8192 gvrose8192 approved these changes

@PlaidCat PlaidCat PlaidCat approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bmastbergen @gvrose8192 @PlaidCat