| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025090445-CVE-2025-38680-cce6@gregkh> Date: Thu, 4 Sep 2025 17:32:45 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38680: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() The buffer length check before calling uvc_parse_format() only ensured that the buffer has at least 3 bytes (buflen > 2), buf the function accesses buffer[3], requiring at least 4 bytes. This can lead to an out-of-bounds read if the buffer has exactly 3 bytes. Fix it by checking that the buffer has at least 4 bytes in uvc_parse_format(). The Linux kernel CVE team has assigned CVE-2025-38680 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.26 with commit c0efd232929c2cd87238de2cccdaf4e845be5b0c and fixed in 5.4.297 with commit 9ad554217c9b945031c73df4e8176a475e2dea57 Issue introduced in 2.6.26 with commit c0efd232929c2cd87238de2cccdaf4e845be5b0c and fixed in 5.10.241 with commit 1e269581b3aa5962fdc52757ab40da286168c087 Issue introduced in 2.6.26 with commit c0efd232929c2cd87238de2cccdaf4e845be5b0c and fixed in 5.15.190 with commit 8343f3fe0b755925f83d60b05e92bf4396879758 Issue introduced in 2.6.26 with commit c0efd232929c2cd87238de2cccdaf4e845be5b0c and fixed in 6.1.149 with commit ffdd82182953df643aa63d999b6f1653d0c93778 Issue introduced in 2.6.26 with commit c0efd232929c2cd87238de2cccdaf4e845be5b0c and fixed in 6.6.103 with commit a97e062e4ff3dab84a2f1eb811e9eddc6699e2a9 Issue introduced in 2.6.26 with commit c0efd232929c2cd87238de2cccdaf4e845be5b0c and fixed in 6.12.43 with commit cac702a439050df65272c49184aef7975fe3eff2 Issue introduced in 2.6.26 with commit c0efd232929c2cd87238de2cccdaf4e845be5b0c and fixed in 6.15.11 with commit 424980d33b3f816485513e538610168b03fab9f1 Issue introduced in 2.6.26 with commit c0efd232929c2cd87238de2cccdaf4e845be5b0c and fixed in 6.16.2 with commit 6d4a7c0b296162354b6fc759a1475b9d57ddfaa6 Issue introduced in 2.6.26 with commit c0efd232929c2cd87238de2cccdaf4e845be5b0c and fixed in 6.17-rc1 with commit 782b6a718651eda3478b1824b37a8b3185d2740c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38680 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/usb/uvc/uvc_driver.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/9ad554217c9b945031c73df4e8176a475e2dea57 https://git.kernel.org/stable/c/1e269581b3aa5962fdc52757ab40da286168c087 https://git.kernel.org/stable/c/8343f3fe0b755925f83d60b05e92bf4396879758 https://git.kernel.org/stable/c/ffdd82182953df643aa63d999b6f1653d0c93778 https://git.kernel.org/stable/c/a97e062e4ff3dab84a2f1eb811e9eddc6699e2a9 https://git.kernel.org/stable/c/cac702a439050df65272c49184aef7975fe3eff2 https://git.kernel.org/stable/c/424980d33b3f816485513e538610168b03fab9f1 https://git.kernel.org/stable/c/6d4a7c0b296162354b6fc759a1475b9d57ddfaa6 https://git.kernel.org/stable/c/782b6a718651eda3478b1824b37a8b3185d2740c
Powered by blists - more mailing lists