SB2025123082 - Memory leak in Linux kernel usb dvb-usb driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2023-54266)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the m920x_i2c_xfer() function in drivers/media/usb/dvb-usb/m920x.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/2b6e20ef0585a467c24c7e4fde28518e5b33225a
• https://git.kernel.org/stable/c/2cc9f11aeae2887a4db25c27323fc445f4b49e86
• https://git.kernel.org/stable/c/4feed3dfca722c6d74865a37cab853c58e6aa190
• https://git.kernel.org/stable/c/75d6ef197c488cd852493b4a419274e3489da79d
• https://git.kernel.org/stable/c/7ca7cd02114ac8caa6b0a64734b9af6be1559353
• https://git.kernel.org/stable/c/809623fedc31f4e74039d93bb75a8993635d7534
• https://git.kernel.org/stable/c/c0178e938f110cdf6937f26975c0c951dbb1d9db
• https://git.kernel.org/stable/c/d13a84874a2e0236c9325b3adc8e126d0888ad6b
• https://git.kernel.org/stable/c/ea9ef6c2e001c5dc94bee35ebd1c8a98621cf7b8
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.326
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.295
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.195
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.132
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.257
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.53
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6