Improper error handling in Linux kernel media ipu3 driver



Published: 2024-06-03
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-46943
CWE-ID CWE-388
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper error handling

EUVDB-ID: #VU90962

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46943

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper error handling within the imgu_fmt() function in drivers/staging/media/ipu3/ipu3-v4l2.c. A local user can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/a03fb1e8a110658215a4cefc3e2ad53279e496a6
http://git.kernel.org/stable/c/c6b81b897f6f9445d57f8d47c4e060ec21556137
http://git.kernel.org/stable/c/34892ea938387d83ffcfb7775ec55f0f80767916
http://git.kernel.org/stable/c/6fb617e37a39db0a3eca4489431359d0bdf3b9bc
http://git.kernel.org/stable/c/ad91849996f9dd79741a961fd03585a683b08356


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###