[fips-9] media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format #111

bmastbergen
Collaborator

jira VULN-9674
cve CVE-2024-53104

commit-author Benoit Sevens <[email protected]>
commit ecf2b43018da9579842c774b7f35dbe11b5c38dd

This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

Fixes: c0efd232929c ("V4L/DVB (8145a): USB Video Class driver")
	Signed-off-by: Benoit Sevens <[email protected]>
	Cc: [email protected]
	Acked-by: Greg Kroah-Hartman <[email protected]>
	Reviewed-by: Laurent Pinchart <[email protected]>
	Signed-off-by: Hans Verkuil <[email protected]>
(cherry picked from commit ecf2b43018da9579842c774b7f35dbe11b5c38dd)
	Signed-off-by: Brett Mastbergen <[email protected]>

Same as #108

build.log

kselftests were run before and after:
selftests-before.log
selftests-after.log

```
brett@lycia ~/ciq/vuln-9674 % grep ^ok selftests-before.log | wc -l
304
brett@lycia ~/ciq/vuln-9674 % grep ^ok selftests-after.log | wc -l
305
brett@lycia ~/ciq/vuln-9674 %
```

…parse_format

jira VULN-9674
cve CVE-2024-53104
commit-author Benoit Sevens <[email protected]>
commit ecf2b43

This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.

Fixes: c0efd23 ("V4L/DVB (8145a): USB Video Class driver")
	Signed-off-by: Benoit Sevens <[email protected]>
	Cc: [email protected]
	Acked-by: Greg Kroah-Hartman <[email protected]>
	Reviewed-by: Laurent Pinchart <[email protected]>
	Signed-off-by: Hans Verkuil <[email protected]>
(cherry picked from commit ecf2b43)
	Signed-off-by: Brett Mastbergen <[email protected]>
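
The sizing/parsing mismatch the commit message describes, as an added C model that is not the uvcvideo driver's code or part of this pull request: one pass sizes the frame array by counting known frame descriptors, and a second pass consumes descriptors whose subtype equals the format's frame type. The subtype constants, function names, the `skip_undefined` flag and the sample bytes are constructed for illustration, and the guard assumes the fix is to parse no frames when the format's frame type is undefined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed subtype values for this model, not the kernel's definitions. */
enum { VS_UNDEFINED = 0, VS_FORMAT_DV = 1, VS_FRAME = 2 };

/* Pass 1: size the frame array. Only descriptors with a known frame
 * subtype are counted, so VS_UNDEFINED descriptors add no capacity. */
static size_t count_frames(const uint8_t *buf, size_t len)
{
    size_t n = 0;
    while (len > 2 && buf[0] >= 3 && buf[0] <= len) {
        if (buf[2] == VS_FRAME)
            n++;
        len -= buf[0];
        buf += buf[0];
    }
    return n;
}

/* Pass 2: consume descriptors whose subtype equals the format's ftype and
 * return how many frame slots that fills. skip_undefined models the guard:
 * a format whose ftype is VS_UNDEFINED has no frames to parse. */
static size_t parse_frames(const uint8_t *buf, size_t len, uint8_t ftype,
                           int skip_undefined)
{
    size_t used = 0;
    if (skip_undefined && ftype == VS_UNDEFINED)
        return 0;
    while (len > 2 && buf[0] >= 3 && buf[0] <= len && buf[2] == ftype) {
        used++; /* a real parser would write one frame entry here */
        len -= buf[0];
        buf += buf[0];
    }
    return used;
}

/* Constructed input: a format with no frame type, then two VS_UNDEFINED
 * descriptors. Layout per descriptor: length, descriptor type, subtype. */
static const uint8_t sample[] = { 3, 0x24, VS_FORMAT_DV,
                                  3, 0x24, VS_UNDEFINED, 3, 0x24, VS_UNDEFINED };

/* Frame slots pass 2 would fill beyond what pass 1 allocated. */
static size_t slots_past_end(int skip_undefined)
{
    size_t cap = count_frames(sample, sizeof(sample));
    size_t used = parse_frames(sample + 3, sizeof(sample) - 3, VS_UNDEFINED, skip_undefined);
    return used > cap ? used - cap : 0;
}
int main(void) { printf("%zu %zu\n", slots_past_end(0), slots_past_end(1)); return 0; }
```

The model only counts slots and never writes past a buffer, so the unguarded case is safe to run.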

gvrose8192 left a comment

LGTM - Same as previous in this series of CVE fixes. Thanks!

Collaborator

PlaidCat left a comment

:shipit:
Followed up with and validated that ftype is set.

bmastbergen merged commit 8633119 into fips-9-compliant/5.14.0-284.30.1 Feb 11, 2025
3 checks passed
bmastbergen deleted the bmastbergen_fips-9-compliant/5.14.0-284.30.1/VULN-9674 branch February 11, 2025 19:23