SB2024092470 - Buffer overflow in Linux kernel platform vivid driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2022-48945)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the vivid_vid_cap_s_selection() function in drivers/media/platform/vivid/vivid-vid-cap.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/8c0ee15d9a102c732d0745566d254040085d5663
• https://git.kernel.org/stable/c/5edc3604151919da8da0fb092b71d7dce07d848a
• https://git.kernel.org/stable/c/9c7fba9503b826f0c061d136f8f0c9f953ed18b9
• https://git.kernel.org/stable/c/54f259906039dbfe46c550011409fa16f72370f6
• https://git.kernel.org/stable/c/f9d19f3a044ca651b0be52a4bf951ffe74259b9f
• https://git.kernel.org/stable/c/ab54081a2843aefb837812fac5488cc8f1696142
• https://git.kernel.org/stable/c/ccb5392c4fea0e7d9f7ab35567e839d74cb3998b
• https://git.kernel.org/stable/c/2f558c5208b0f70c8140e08ce09fcc84da48e789
• https://git.kernel.org/stable/c/94a7ad9283464b75b12516c5512541d467cefcf8
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.303
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.337
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.163
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.86
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.229
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2