CVE-2020-11608

Опубликовано: 12 мар. 2020

Источник: redhat

CVSS3: 4.3

Описание

An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.

A flaw was found in the way the ov519 driver in the Linux kernel handled certain types of USB descriptors. This flaw allows an attacker with the ability to induce the error conditions to crash the system.

Отчет

This issue is rated as having Low impact because of the preconditions needed to trigger the issue (physical access).

Меры по смягчению последствий

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module gspca_ov519. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Out of support scope
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Fix deferred
Red Hat Enterprise Linux 7	kernel-alt	Fix deferred
Red Hat Enterprise Linux 7	kernel-rt	Fix deferred
Red Hat Enterprise MRG 2	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel-rt	Fixed	RHSA-2021:1739	18.05.2021
Red Hat Enterprise Linux 8	kernel	Fixed	RHSA-2021:1578	18.05.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1833445kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c

4.3 Medium

CVSS3