SB20250226502 - Improper locking in Linux kernel usb stk1160 driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2022-49247)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stk1160_uninit_isoc(), stk1160_stop_streaming() and stk1160_clear_queue() functions in drivers/media/usb/stk1160/stk1160-v4l.c, within the stk1160_disconnect() function in drivers/media/usb/stk1160/stk1160-core.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/03054f22d5abd80ad89547512c2bfbfb2714d3ed
• https://git.kernel.org/stable/c/2874122ca4ca74adec72d6d6bf8828228ec20f15
• https://git.kernel.org/stable/c/3cc050df73e3d973f1870a8dc0e177e77670bc7f
• https://git.kernel.org/stable/c/4d68603cc4382174bc1e7d532e10675c48c6b257
• https://git.kernel.org/stable/c/a09e9882800fdfc5aab93f77c3f0132071d2191b
• https://git.kernel.org/stable/c/f04a520a422222fc921bf035dc67414c500a286a
• https://git.kernel.org/stable/c/f66e6fd1488d26229f11d86616de1b658c70fa8a
• https://git.kernel.org/stable/c/fbe04b49a54e31f4321d632270207f0e6304cd16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.238
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.110
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.33
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.19
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.189