SB2024060814 - Stack-based buffer overflow in Linux kernel media dvb-frontends driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Stack-based buffer overflow (CVE-ID: CVE-2024-27075)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/c073c8cede5abd3836e83d70d72606d11d0759d4
• https://git.kernel.org/stable/c/fa8b472952ef46eb632825051078c21ce0cafe55
• https://git.kernel.org/stable/c/fb07104a02e87c06c39914d13ed67fd8f839ca82
• https://git.kernel.org/stable/c/d20b64f156de5d10410963fe238d82a4e7e97a2f
• https://git.kernel.org/stable/c/107052a8cfeff3a97326277192b4f052e4860a8a
• https://git.kernel.org/stable/c/8fad9c5bb00d3a9508d18bbfe832e33a47377730
• https://git.kernel.org/stable/c/d6b4895197ab5a47cb81c6852d49320b05052960
• https://git.kernel.org/stable/c/ed514ecf4f29c80a2f09ae3c877059b401efe893
• https://git.kernel.org/stable/c/7a4cf27d1f0538f779bf31b8c99eda394e277119
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.311
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2