Description
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.
A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacker who is able to influence the format of video streams captured by a system's USB video device could exploit this flaw to alter system memory and potentially escalate their privileges or execute arbitrary code.
Statement
This vulnerability exists in functionality used by the USB Video Class driver to decode the format of video frames. This driver is used for USB devices which capture streaming video, such as webcams. A function which reads streaming video frame metadata does not correctly account for frames in an unknown format, which might cause a buffer allocated for frame data to be undersized. An attacker must be able to control the frame data captured by a UVC device. This might be accomplished by creating a physical or virtual device with that purpose in mind. An attacker could also modify an existing USB device toward this end. Because an attacker has some control over what data is written out of bounds, but not strict control over where in the kernel's memory space that data is written, we assess that the impact to confidentiality of this flaw is Low. This vulnerability could be used to escalate privileges if combined with other flaws or other means to predict the kernel's memory layout. By itself, this vulnerability can have negative impacts on both system availability and integrity, as an attacker can overwrite other kernel data structures.
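The sizing/parsing mismatch described above, reduced to a user-space model. This is an added example, not kernel code or Red Hat's: the descriptor layout, the `frames_sized` and `parse_overflows` functions, the constants other than `UVC_VS_UNDEFINED`, and the sample stream are all assumptions made for illustration, and the model counts the write that would land past the buffer instead of performing it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* UVC_VS_UNDEFINED is from the advisory; the other values are model constants. */
enum { UVC_VS_UNDEFINED = 0x00, FRAME_UNCOMPRESSED = 0x05, FRAME_MJPEG = 0x07 };
struct frame { uint8_t type; uint16_t width, height; };

/* Constructed stream: two known frames and one of undefined type. */
static const struct frame stream[] = {
    { FRAME_UNCOMPRESSED, 640,  480 },
    { UVC_VS_UNDEFINED,   0,    0   },
    { FRAME_MJPEG,        1280, 720 },
};
#define NDESC (sizeof(stream) / sizeof(stream[0]))

/* Pass 1: size the frames buffer. Undefined-type frames are not counted. */
size_t frames_sized(void)
{
    size_t n = 0;
    for (size_t i = 0; i < NDESC; i++)
        if (stream[i].type == FRAME_UNCOMPRESSED || stream[i].type == FRAME_MJPEG)
            n++;
    return n;
}

/* Pass 2: fill the buffer; out-of-range writes are counted, not performed. */
size_t parse_overflows(int skip_undefined)
{
    size_t cap = frames_sized(), stored = 0, overflow = 0;
    struct frame *buf = calloc(cap, sizeof(*buf));
    if (!buf) return (size_t)-1;
    for (size_t i = 0; i < NDESC; i++) {
        if (skip_undefined && stream[i].type == UVC_VS_UNDEFINED)
            continue;            /* fixed behaviour: not sized, so not parsed */
        if (stored < cap)
            buf[stored++] = stream[i];
        else
            overflow++;          /* vulnerable path would write buf[cap] here */
    }
    free(buf);
    return overflow;
}

int main(void)
{
    printf("sized=%zu unfixed=%zu fixed=%zu\n", frames_sized(), parse_overflows(0), parse_overflows(1));
    return 0;
}
```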
Mitigation
This flaw can be mitigated by preventing the uvcvideo module from loading. See "How do I prevent a kernel module from loading automatically?" [1] for more information. Note that disabling this module will prevent UVC devices such as webcams or video capture devices from functioning properly.
Preventing the uvcvideo module from loading is also an effective mitigation for OpenShift environments. Different methods of applying that mitigation are available, depending on the vulnerable cluster's configuration. See "USB CVE-2024-53104 Mitigation for OpenShift" [2] for more details. That document also details alternative mitigations available through the use of compliance profiles and USBGuard.
1: https://access.redhat.com/solutions/41278
2: https://access.redhat.com/articles/7107058
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
Red Hat Enterprise Linux 10 | kernel | Fixed | RHSA-2025:8137 | 26.05.2025 |
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | kernel | Fixed | RHSA-2025:1347 | 12.02.2025 |
Red Hat Enterprise Linux 7.7 Advanced Update Support | kernel | Fixed | RHSA-2025:1282 | 11.02.2025 |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | kernel-rt | Fixed | RHSA-2025:1280 | 11.02.2025 |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | kernel | Fixed | RHSA-2025:1281 | 11.02.2025 |
Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2025:1230 | 10.02.2025 |
Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2025:1266 | 11.02.2025 |
Red Hat Enterprise Linux 8 | kpatch-patch | Fixed | RHSA-2025:1657 | 18.02.2025 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | kernel | Fixed | RHSA-2025:1278 | 11.02.2025 |
Additional information
CVSS3: 7.3 High
Related vulnerabilities
Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)
Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)