Связанные уязвимости
[REJECTED CVE] A vulnerability was identified in the Linux kernel's uvcvideo driver, where media entities could be allocated with an ID of 0 or duplicate IDs, violating the UVC 1.1+ specification. This flaw allowed malformed USB video device descriptors to create invalid media entity chains, potentially causing kernel warnings and crashes due to entities referencing themselves or forming backward loops. An attacker with physical or emulated USB device access could exploit this by crafting a malicious UVC device that triggers kernel warnings or system instability.
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` So, deny allocating an entity with ID 0 or an ID that belongs to a unit that is already added to the list of entities. This also prevents some syzkaller reproducers from triggering warnings due to a chain of entities referring to themselves. In one particular case, an Output Unit is connected to an Input Unit, both with the same ID of 1. But when looking up for the source ID of the Output Unit, that same entity is found instead of the input entity, which leads to such warnings. In another case, a backward chain was co...
ELSA-2025-20095: Unbreakable Enterprise kernel security update (IMPORTANT)