| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123027-CVE-2023-54284-a3a6@gregkh> Date: Tue, 30 Dec 2025 13:23:37 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54284: media: av7110: prevent underflow in write_ts_to_decoder() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in write_ts_to_decoder() The buf[4] value comes from the user via ts_play(). It is a value in the u8 range. The final length we pass to av7110_ipack_instant_repack() is "len - (buf[4] + 1) - 4" so add a check to ensure that the length is not negative. It's not clear that passing a negative len value does anything bad necessarily, but it's not best practice. With the new bounds checking the "if (!len)" condition is no longer possible or required so remove that. The Linux kernel CVE team has assigned CVE-2023-54284 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.31 with commit fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf and fixed in 4.14.315 with commit 6680af5be9f08d830567e9118f76d3e64684db8f Issue introduced in 2.6.31 with commit fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf and fixed in 4.19.283 with commit 6606e2404ee9e20a3ae5b42fc3660d41b739ed3e Issue introduced in 2.6.31 with commit fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf and fixed in 5.4.243 with commit 620b983589e0223876bf1463b01100a9c67b56ba Issue introduced in 2.6.31 with commit fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf and fixed in 5.10.211 with commit 86ba65e5357bfbb6c082f68b265a292ee1bdde1d Issue introduced in 2.6.31 with commit fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf and fixed in 5.15.111 with commit ca4ce92e3ec9fd3c7c936b912b95c53331d5159c Issue introduced in 2.6.31 with commit fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf and fixed in 6.1.28 with commit 423350af9e27f005611bd881b1df2cab66de943d Issue introduced in 2.6.31 with commit fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf and fixed in 6.2.15 with commit 77eeb4732135c18c2fdfab80839645b393f3e774 Issue introduced in 2.6.31 with commit fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf and fixed in 6.3.2 with commit 7b93ab60fe9ed04be0ff155bc30ad39dea23e22b Issue introduced in 2.6.31 with commit fd46d16d602ab7fd53cef7ff55b9dcb0b47ad3bf and fixed in 6.4 with commit eed9496a0501357aa326ddd6b71408189ed872eb Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54284 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/staging/media/av7110/av7110_av.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6680af5be9f08d830567e9118f76d3e64684db8f https://git.kernel.org/stable/c/6606e2404ee9e20a3ae5b42fc3660d41b739ed3e https://git.kernel.org/stable/c/620b983589e0223876bf1463b01100a9c67b56ba https://git.kernel.org/stable/c/86ba65e5357bfbb6c082f68b265a292ee1bdde1d https://git.kernel.org/stable/c/ca4ce92e3ec9fd3c7c936b912b95c53331d5159c https://git.kernel.org/stable/c/423350af9e27f005611bd881b1df2cab66de943d https://git.kernel.org/stable/c/77eeb4732135c18c2fdfab80839645b393f3e774 https://git.kernel.org/stable/c/7b93ab60fe9ed04be0ff155bc30ad39dea23e22b https://git.kernel.org/stable/c/eed9496a0501357aa326ddd6b71408189ed872eb
Powered by blists - more mailing lists