Количество 11
Количество 11
CVE-2024-56571
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-56571
[REJECTED CVE] A vulnerability was identified in the Linux kernel's uvcvideo driver, where media entities could be allocated with an ID of 0 or duplicate IDs, violating the UVC 1.1+ specification. This flaw allowed malformed USB video device descriptors to create invalid media entity chains, potentially causing kernel warnings and crashes due to entities referencing themselves or forming backward loops. An attacker with physical or emulated USB device access could exploit this by crafting a malicious UVC device that triggers kernel warnings or system instability.
CVE-2024-56571
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
GHSA-w2cc-xm47-hqcg
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` So, deny allocating an entity with ID 0 or an ID that belongs to a unit that is already added to the list of entities. This also prevents some syzkaller reproducers from triggering warnings due to a chain of entities referring to themselves. In one particular case, an Output Unit is connected to an Input Unit, both with the same ID of 1. But when looking up for the source ID of the Output Unit, that same entity is found instead of the input entity, which leads to such warnings. In another case, a backward chain was co...
SUSE-SU-2025:0201-2
Security update for the Linux Kernel
SUSE-SU-2025:0201-1
Security update for the Linux Kernel
ELSA-2025-20095
ELSA-2025-20095: Unbreakable Enterprise kernel security update (IMPORTANT)
SUSE-SU-2025:0428-1
Security update for the Linux Kernel
SUSE-SU-2025:0557-1
Security update for the Linux Kernel
SUSE-SU-2025:0499-1
Security update for the Linux Kernel
SUSE-SU-2025:0289-1
Security update for the Linux Kernel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-56571 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 7 месяцев назад | ||
 | CVE-2024-56571 [REJECTED CVE] A vulnerability was identified in the Linux kernel's uvcvideo driver, where media entities could be allocated with an ID of 0 or duplicate IDs, violating the UVC 1.1+ specification. This flaw allowed malformed USB video device descriptors to create invalid media entity chains, potentially causing kernel warnings and crashes due to entities referencing themselves or forming backward loops. An attacker with physical or emulated USB device access could exploit this by crafting a malicious UVC device that triggers kernel warnings or system instability. | CVSS3: 4.4 | 7 месяцев назад | |
 | CVE-2024-56571 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 7 месяцев назад | ||
| GHSA-w2cc-xm47-hqcg In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` So, deny allocating an entity with ID 0 or an ID that belongs to a unit that is already added to the list of entities. This also prevents some syzkaller reproducers from triggering warnings due to a chain of entities referring to themselves. In one particular case, an Output Unit is connected to an Input Unit, both with the same ID of 1. But when looking up for the source ID of the Output Unit, that same entity is found instead of the input entity, which leads to such warnings. In another case, a backward chain was co... | 7 месяцев назад | ||
 | SUSE-SU-2025:0201-2 Security update for the Linux Kernel | 5 месяцев назад | ||
| SUSE-SU-2025:0201-1 Security update for the Linux Kernel | 5 месяцев назад | ||
| ELSA-2025-20095 ELSA-2025-20095: Unbreakable Enterprise kernel security update (IMPORTANT) | 6 месяцев назад | ||
| SUSE-SU-2025:0428-1 Security update for the Linux Kernel | 6 месяцев назад | ||
| SUSE-SU-2025:0557-1 Security update for the Linux Kernel | 6 месяцев назад | ||
| SUSE-SU-2025:0499-1 Security update for the Linux Kernel | 6 месяцев назад | ||
| SUSE-SU-2025:0289-1 Security update for the Linux Kernel | 6 месяцев назад |
Уязвимостей на страницу