averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-04-08 12:02:33 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0da170b9e600da6930cfb8352e4cc036db3b6159
linux-stable-mirror/drivers/media/usb/dvb-usb
History
Jeongjun Park fe3e129ab4 media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() 
commit b91e6aafe8 upstream.

rlen value is a user-controlled value, but dtv5100_i2c_msg() does not
check the size of the rlen value. Therefore, if it is set to a value
larger than sizeof(st->data), an out-of-bounds vuln occurs for st->data.

Therefore, we need to add proper range checking to prevent this vuln.

Fixes: 60688d5e6e ("V4L/DVB (8735): dtv5100: replace dummy frontend by zl10353")
Cc: stable@vger.kernel.org
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2026-01-08 10:14:17 +01:00
..
a800.c
af9005-fe.c
af9005-remote.c
af9005-script.h
af9005.c
af9005.h
az6027.c
az6027.h
cinergyT2-core.c
cinergyT2-fe.c
cinergyT2.h
cxusb-analog.c
cxusb.c
cxusb.h
dib07x0.h
dib0700_core.c
dib0700_devices.c
dib0700.h
dibusb-common.c
dibusb-mb.c
dibusb-mc-common.c
dibusb-mc.c
dibusb.h
digitv.c
digitv.h
dtt200u-fe.c
dtt200u.c
dtt200u.h
dtv5100.c
dtv5100.h
dvb-usb-common.h
dvb-usb-dvb.c
dvb-usb-firmware.c
dvb-usb-i2c.c
dvb-usb-init.c
dvb-usb-remote.c
dvb-usb-urb.c
dvb-usb.h
dw2102.c
dw2102.h
gp8psk.c
gp8psk.h
Kconfig
m920x.c
m920x.h
Makefile
nova-t-usb2.c
opera1.c
pctv452e.c
technisat-usb2.c
ttusb2.c
ttusb2.h
umt-010.c
usb-urb.c
vp702x-fe.c
vp702x.c
vp702x.h
vp7045-fe.c
vp7045.c
vp7045.h