Headline
CVE-2023-35824: [GIT PULL FOR v6.4] Various fixes/enhancements
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
From: Hans Verkuil [email protected]
To: Linux Media Mailing List [email protected]
Cc: "Milen Mitkov (Consultant)" <[email protected]>, "Niklas Söderlund" [email protected]
Subject: [GIT PULL FOR v6.4] Various fixes/enhancements
Date: Tue, 21 Mar 2023 16:17:47 +0100
Message-ID: [email protected]
The following changes since commit 71937240a472ee551ac8de0e7429b9d49884a388:
media: ov2685: Select VIDEO_V4L2_SUBDEV_API (2023-03-20 16:32:18 +0100)
are available in the Git repository at:
git://linuxtv.org/hverkuil/media_tree.git tags/br-v6.4g
for you to fetch changes up to dacc09862467123c7e5ac45b131e77aafa54fe96:
media: au0828: remove unnecessary (void*) conversions (2023-03-21 15:49:12 +0100)
Tag branch
Milen Mitkov (4):
      media: camss: sm8250: Virtual channels for CSID
      media: camss: vfe: Reserve VFE lines on stream start and link to CSID
      media: camss: vfe-480: Multiple outputs support for SM8250
      media: camss: sm8250: Pipeline starting and stopping for multiple virtual channels
Niklas Söderlund (3):
      media: i2c: adv748x: Fix lookup of DV timings
      media: i2c: adv748x: Write initial DV timings to device
      media: i2c: adv748x: Report correct DV timings for pattern generator
Oliver Neukum (1):
      usbtv: usbtv_set_regs: the pipe is output
Yang Li (1):
      media: atmel: atmel-isc: Use devm_platform_ioremap_resource()
Yu Zhe (1):
      media: au0828: remove unnecessary (void*) conversions
Zheng Wang (2):
      media: dm1105: Fix use after free bug in dm1105_remove due to race condition
      media: saa7134: fix use after free bug in saa7134_finidev due to race condition
 drivers/media/i2c/adv748x/adv748x-hdmi.c | 21 +++++++++++++++------
 drivers/media/pci/dm1105/dm1105.c | 1 +
 drivers/media/pci/saa7134/saa7134-ts.c | 1 +
 drivers/media/pci/saa7134/saa7134-vbi.c | 1 +
 drivers/media/pci/saa7134/saa7134-video.c | 1 +
 drivers/media/platform/qcom/camss/camss-csid-gen2.c | 54 ++++++++++++++++++++++++++++++++++--------------------
 drivers/media/platform/qcom/camss/camss-csid.c | 44 +++++++++++++++++++++++++++++++-------------
 drivers/media/platform/qcom/camss/camss-csid.h | 11 +++++++++--
 drivers/media/platform/qcom/camss/camss-vfe-170.c | 4 ++--
 drivers/media/platform/qcom/camss/camss-vfe-480.c | 61 ++++++++++++++++++++++++++++++++++++++++---------------------
 drivers/media/platform/qcom/camss/camss-vfe-gen1.c | 4 ++--
 drivers/media/platform/qcom/camss/camss-vfe.c | 1 +
 drivers/media/platform/qcom/camss/camss-video.c | 21 ++++++++++++++++++---
 drivers/media/platform/qcom/camss/camss.c | 2 +-
 drivers/media/usb/au0828/au0828-core.c | 2 +-
 drivers/media/usb/au0828/au0828-dvb.c | 4 ++--
 drivers/media/usb/usbtv/usbtv-core.c | 2 +-
 drivers/staging/media/deprecated/atmel/atmel-sama5d2-isc.c | 4 +---
 drivers/staging/media/deprecated/atmel/atmel-sama7g5-isc.c | 4 +---
 19 files changed, 163 insertions(+), 80 deletions(-)
Related news
Red Hat Security Advisory 2023-7077-01 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow, denial of service, double free, information leakage, memory leak, null pointer, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Ubuntu Security Notice 6397-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.
Ubuntu Security Notice 6357-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.
Ubuntu Security Notice 6340-2 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6349-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6347-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 6340-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6332-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6311-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 6300-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 6283-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service.