SB2024070177 - Resource management error in Linux kernel media i2c driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2024-35830)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24
• https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6
• https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7
• https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a
• https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d
• https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468
• https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496
• https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7
• https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02
• https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
• https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.311
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2