Message-ID: <2025061829-CVE-2025-38044-4caf@gregkh>
Date: Wed, 18 Jun 2025 11:33:40 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38044: media: cx231xx: set device_caps for 417
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:

media: cx231xx: set device_caps for 417

The video_device for the MPEG encoder did not set device_caps.

Add this, otherwise the video device can't be registered (you get a
WARN_ON instead).

Not seen before since currently 417 support is disabled, but I found
this while experimenting with it.

The Linux kernel CVE team has assigned CVE-2025-38044 to this issue.
Affected and fixed versions
===========================
Fixed in 5.4.294 with commit 2ad41beb7df3bd63b209842d16765ec59dafe6e4
Fixed in 5.10.238 with commit 0884dd3abbe80307a2d4cbdbe5e312be164f8adb
Fixed in 5.15.185 with commit c91447e35b9bea60bda4408c48e7891d14351021
Fixed in 6.1.141 with commit 9d1a5be86dbe074bd8dd6bdd63a99d6bb66d5930
Fixed in 6.6.93 with commit 5c9eca180a4235abd56cc7f7308ca72128d93dce
Fixed in 6.12.31 with commit 4731d5328f507ae8fd8a57abbca9119ec7a8d665
Fixed in 6.14.9 with commit e43fd82bb2110bf9d13d800cdc49cceddfd0ede5
Fixed in 6.15 with commit a79efc44b51432490538a55b9753a721f7d3ea42
Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-38044
will be updated if fixes are backported; please check it for the most
up-to-date information about this issue.
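
As an added example (not part of the announcement or of the kernel project's tooling), the following Python check compares a kernel release string against the fixed versions listed above. It assumes the release follows upstream kernel.org numbering; distribution kernels that backport fixes under their own version scheme cannot be decided this way, and the names `parse_release` and `fix_status` are hypothetical.

```python
import re

# Fixed stable releases copied from the "Affected and fixed versions" list:
# (major, minor) branch -> first sublevel that contains the fix.
FIXED_SUBLEVEL = {
    (5, 4): 294,
    (5, 10): 238,
    (5, 15): 185,
    (6, 1): 141,
    (6, 6): 93,
    (6, 12): 31,
    (6, 14): 9,
}
FIXED_MAINLINE = (6, 15)  # "Fixed in 6.15"


def parse_release(release):
    """Parse a `uname -r` style string into (major, minor, sublevel)."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def fix_status(release):
    """Return 'fixed', 'not-fixed' or 'unknown' for an upstream release."""
    major, minor, sublevel = parse_release(release)
    if (major, minor) >= FIXED_MAINLINE:
        return "fixed"
    first_fixed = FIXED_SUBLEVEL.get((major, minor))
    if first_fixed is None:
        # Branch is not in the announcement's list, so it decides nothing.
        return "unknown"
    return "fixed" if sublevel >= first_fixed else "not-fixed"


if __name__ == "__main__":
    # Constructed sample release strings, not taken from the announcement.
    for rel in ("6.1.140", "6.1.141", "6.6.93-1-lts", "6.13.4", "6.15.0"):
        print(f"{rel:14} {fix_status(rel)}")
```

Here "not-fixed" only means the release predates the fix commit on its branch; the announcement does not state which release introduced the issue.
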
Affected files
==============
The file(s) affected by this issue are:
drivers/media/usb/cx231xx/cx231xx-417.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/2ad41beb7df3bd63b209842d16765ec59dafe6e4
https://git.kernel.org/stable/c/0884dd3abbe80307a2d4cbdbe5e312be164f8adb
https://git.kernel.org/stable/c/c91447e35b9bea60bda4408c48e7891d14351021
https://git.kernel.org/stable/c/9d1a5be86dbe074bd8dd6bdd63a99d6bb66d5930
https://git.kernel.org/stable/c/5c9eca180a4235abd56cc7f7308ca72128d93dce
https://git.kernel.org/stable/c/4731d5328f507ae8fd8a57abbca9119ec7a8d665
https://git.kernel.org/stable/c/e43fd82bb2110bf9d13d800cdc49cceddfd0ede5
https://git.kernel.org/stable/c/a79efc44b51432490538a55b9753a721f7d3ea42