| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025010657-CVE-2024-56769-021a@gregkh> Date: Mon, 6 Jan 2025 17:21:03 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-56769: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Description =========== In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, the buffer may end up with some undefined values. Since no elaborate error handling is expected in dib3000_write_reg(), simply zero out rb buffer to mitigate the problem. [1] Syzkaller report dvb-usb: bulk message failed: -22 (6/0) ===================================================== BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31 dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290 dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline] dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310 dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110 ... Local variable rb created at: dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54 dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 ... The Linux kernel CVE team has assigned CVE-2024-56769 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.19 with commit 74340b0a8bc60b400c7e5fe4950303aa6f914d16 and fixed in 6.1.123 with commit 3876e3a1c31a58a352c6bf5d2a90e3304445a637 Issue introduced in 2.6.19 with commit 74340b0a8bc60b400c7e5fe4950303aa6f914d16 and fixed in 6.6.69 with commit 1d6de21f00293d819b5ca6dbe75ff1f3b6392140 Issue introduced in 2.6.19 with commit 74340b0a8bc60b400c7e5fe4950303aa6f914d16 and fixed in 6.12.8 with commit c1197c1457bb7098cf46366e898eb52b41b6876a Issue introduced in 2.6.19 with commit 74340b0a8bc60b400c7e5fe4950303aa6f914d16 and fixed in 6.13-rc4 with commit 2dd59fe0e19e1ab955259978082b62e5751924c7 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-56769 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/dvb-frontends/dib3000mb.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3876e3a1c31a58a352c6bf5d2a90e3304445a637 https://git.kernel.org/stable/c/1d6de21f00293d819b5ca6dbe75ff1f3b6392140 https://git.kernel.org/stable/c/c1197c1457bb7098cf46366e898eb52b41b6876a https://git.kernel.org/stable/c/2dd59fe0e19e1ab955259978082b62e5751924c7
Powered by blists - more mailing lists