SB20240731120 - Integer overflow in Linux kernel media dvb-frontends driver
Published: July 31, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20240731120
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2024-42223)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a
- https://git.kernel.org/stable/c/5c72587d024f087aecec0221eaff2fe850d856ce
- https://git.kernel.org/stable/c/e1ba22618758e95e09c9fd30c69ccce38edf94c0
- https://git.kernel.org/stable/c/bd5620439959a7e02012588c724c6ff5143b80af
- https://git.kernel.org/stable/c/1663e2474e4d777187d749a5c90ae83232db32bd
- https://git.kernel.org/stable/c/8ac224e9371dc3c4eb666033e6b42d05cf5184a1
- https://git.kernel.org/stable/c/1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8
- https://git.kernel.org/stable/c/1aa1329a67cc214c3b7bd2a14d1301a795760b07
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.318
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.280
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.39