| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025090450-CVE-2025-38693-aeb5@gregkh>
Date: Thu, 4 Sep 2025 17:32:58 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38693: media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
In w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add
check on msg[0].len to prevent crash.
Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
The Linux kernel CVE team has assigned CVE-2025-38693 to this issue.
Affected and fixed versions
===========================
Fixed in 5.4.297 with commit 7a41ecfc3415ebe3b4c44f96b3337691dcf431a3
Fixed in 5.10.241 with commit b3d77a3fc71c084575d3df4ec6544b3fb6ce587d
Fixed in 5.15.190 with commit 17b30e5ded062bd74f8ca6f317e1d415a8680665
Fixed in 6.1.149 with commit 454a443eaa792c8865c861a282fe6d4f596abc3a
Fixed in 6.6.103 with commit 6bbaec6a036940e22318f0454b50b8000845ab59
Fixed in 6.12.43 with commit f98132a59ccc59a8b97987363bc99c8968934756
Fixed in 6.15.11 with commit 99690a494d91a0dc86cebd628da4c62c40552bcb
Fixed in 6.16.2 with commit 39b06b93f24dff923c4183d564ed28c039150554
Fixed in 6.17-rc1 with commit ed0234c8458b3149f15e496b48a1c9874dd24a1b
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-38693
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/media/dvb-frontends/dib7000p.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/7a41ecfc3415ebe3b4c44f96b3337691dcf431a3
https://git.kernel.org/stable/c/b3d77a3fc71c084575d3df4ec6544b3fb6ce587d
https://git.kernel.org/stable/c/17b30e5ded062bd74f8ca6f317e1d415a8680665
https://git.kernel.org/stable/c/454a443eaa792c8865c861a282fe6d4f596abc3a
https://git.kernel.org/stable/c/6bbaec6a036940e22318f0454b50b8000845ab59
https://git.kernel.org/stable/c/f98132a59ccc59a8b97987363bc99c8968934756
https://git.kernel.org/stable/c/99690a494d91a0dc86cebd628da4c62c40552bcb
https://git.kernel.org/stable/c/39b06b93f24dff923c4183d564ed28c039150554
https://git.kernel.org/stable/c/ed0234c8458b3149f15e496b48a1c9874dd24a1b
Powered by blists - more mailing lists