| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026011314-CVE-2025-68819-64a3@gregkh> Date: Tue, 13 Jan 2026 16:29:45 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68819: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() rlen value is a user-controlled value, but dtv5100_i2c_msg() does not check the size of the rlen value. Therefore, if it is set to a value larger than sizeof(st->data), an out-of-bounds vuln occurs for st->data. Therefore, we need to add proper range checking to prevent this vuln. The Linux kernel CVE team has assigned CVE-2025-68819 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.28 with commit 60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 and fixed in 6.1.160 with commit 61f214a878e96e2a8750bf96a98f78c658dba60c Issue introduced in 2.6.28 with commit 60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 and fixed in 6.6.120 with commit 4a54d8fcb093761e4c56eb211cf4e39bf8401fa1 Issue introduced in 2.6.28 with commit 60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 and fixed in 6.12.64 with commit fe3e129ab49806aaaa3f22067ebc75c2dfbe4658 Issue introduced in 2.6.28 with commit 60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 and fixed in 6.18.3 with commit ac92151ff2494130d9fc686055d6bbb9743a673e Issue introduced in 2.6.28 with commit 60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 and fixed in 6.19-rc1 with commit b91e6aafe8d356086cc621bc03e35ba2299e4788 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68819 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/usb/dvb-usb/dtv5100.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/61f214a878e96e2a8750bf96a98f78c658dba60c https://git.kernel.org/stable/c/4a54d8fcb093761e4c56eb211cf4e39bf8401fa1 https://git.kernel.org/stable/c/fe3e129ab49806aaaa3f22067ebc75c2dfbe4658 https://git.kernel.org/stable/c/ac92151ff2494130d9fc686055d6bbb9743a673e https://git.kernel.org/stable/c/b91e6aafe8d356086cc621bc03e35ba2299e4788
Powered by blists - more mailing lists