Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-20369

Опубликовано: 23 янв. 2022
Источник: redhat
CVSS3: 6.7

Описание

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel

An out-of-bounds write flaw was found in the Linux kernel’s UVC camera and similar device driver code due to improper input validation in the v4l2-mem2mem.c source code in how a user calls ioctl VIDIOC_QUERYBUF with mmap. This issue occurs if the capture buffer mapped directly from the userspace uses values from DQBUF, which returns an error. This flaw allows a local user to crash or escalate their privileges on the system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 9kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2137505kernel: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls

6.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-20369

CVSS3: 6.7
ubuntu
больше 3 лет назад

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel

nvd логотип

CVE-2022-20369

CVSS3: 6.7
nvd
больше 3 лет назад

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel

debian логотип

CVE-2022-20369

CVSS3: 6.7
debian
больше 3 лет назад

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bou ...

github логотип

GHSA-wc8c-q7hw-9vfm

CVSS3: 6.7
github
больше 3 лет назад

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel

fstec логотип

BDU:2023-00943

CVSS3: 6.7
fstec
около 4 лет назад

Уязвимость функции v4l2_m2m_querybuf компонента v4l2-mem2mem.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании, повысить свои привилегии или выполнить произвольный код

6.7 Medium

CVSS3