CVE-2024-53104

CISA Known Exploited Vulnerability (KEV)

Linux Kernel Out-of-Bounds Write Vulnerability

February 5, 2025

February 26, 2025

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.

Weakness Enumeration

CWE-ID: CWE-787
CWE Name: Out-of-bounds Write

Details

Source: NVD
Published:
Updated:

Risk information

CVSS v3

Base score: 7.8
Severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined