
CVE-2024-38621 - media: stk1160: fix bounds checking in stk1160_copy_video()

EPSS 0.01% · P2


I. Basic Information for CVE-2024-38621

Vulnerability Information


Vulnerability Title
media: stk1160: fix bounds checking in stk1160_copy_video()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

media: stk1160: fix bounds checking in stk1160_copy_video()

The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. When the condition is reversed that means the result of the subtraction is always negative but since it's unsigned then the result is a very high positive value. That means the overflow check is never true.

Additionally, the ->bytesused doesn't actually work for this purpose because we're not writing to "buf->mem + buf->bytesused". Instead, the math to calculate the destination where we are writing is a bit involved. You calculate the number of full lines already written, multiply by two, skip a line if necessary so that we start on an odd numbered line, and add the offset into the line.

To fix this buffer overflow, just take the actual destination where we are writing, if the offset is already out of bounds print an error and return. Otherwise, write up to buf->length bytes.
Source: NVD (National Vulnerability Database)
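
The check described above, as an added example (a simplified user-space model, not the kernel driver's code): it shows why the reversed unsigned subtraction never clamps the copy length, and how bounding the computed destination offset does. Only `length` and `bytesused` come from the description; `frame_buf`, `clamp_reversed`, `dest_offset`, `clamp_fixed`, `skip_line` and the sample sizes are assumptions for illustration.

```c
#include <stdio.h>

/* Simplified model; the struct layout is an assumption, not the driver's. */
struct frame_buf {
    unsigned int length;    /* total size of the buffer */
    unsigned int bytesused; /* bytes copied so far */
};

/* Reversed check: bytesused - length wraps to a huge unsigned value while
 * bytesused < length, so the condition is false and lencopy is not clamped. */
unsigned int clamp_reversed(const struct frame_buf *b, unsigned int lencopy)
{
    if (lencopy > b->bytesused - b->length)
        lencopy = b->bytesused - b->length;
    return lencopy;
}

/* Destination offset as the description lays it out: full lines already
 * written, times two, plus one skipped line if needed, plus the line offset. */
unsigned long dest_offset(unsigned int pos, unsigned int bytesperline, int skip_line)
{
    unsigned long off = (unsigned long)(pos / bytesperline) * bytesperline * 2;
    if (skip_line)
        off += bytesperline;
    return off + pos % bytesperline;
}

/* Corrected check: bound the real destination offset against length.
 * Returns the bytes that may be copied, or -1 when the offset is already
 * out of bounds (the caller would log an error and return). */
long clamp_fixed(const struct frame_buf *b, unsigned long offset, unsigned int lencopy)
{
    if (offset > b->length)
        return -1;
    if (lencopy > b->length - offset)
        lencopy = (unsigned int)(b->length - offset);
    return (long)lencopy;
}

int main(void)
{
    /* Constructed values: 64-byte buffer, 16-byte lines, 24 bytes copied. */
    struct frame_buf b = { .length = 64, .bytesused = 24 };
    unsigned long off = dest_offset(24, 16, 1);
    printf("offset=%lu reversed=%u fixed=%ld\n", off,
           clamp_reversed(&b, 16), clamp_fixed(&b, off, 16));
    return 0;
}
```

With these constructed values the write starts at offset 56 of a 64-byte buffer: the reversed check still permits 16 bytes (8 past the end), while the corrected check permits 8.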
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
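Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel contains a security vulnerability that stems from the bounds checking in stk1160_copy_video in the media: stk1160 module.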
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor · Product · Affected Versions · CPE
Linux · Linux · 9cb2173e6ea8f2948bd1367c93083a2500fcf08f ~ f6a392266276730bea893b55d12940e32a25f56a · -
Linux · Linux · 3.7 · -

II. Public POCs for CVE-2024-38621

No public POC found.

III. Intelligence Information for CVE-2024-38621

Mailing List Discussions for CVE-2024-38621 (1)

Other References for CVE-2024-38621 (7)

Same Patch Batch · Linux · 2024-06-21 · 40 CVEs total

CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address
CVE-2024-38627: stm class: Fix a double free in stm_register_device()
CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
CVE-2024-38629: dmaengine: idxd: Avoid unnecessary destruction of file_ida
CVE-2024-38630: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
CVE-2024-38631: iio: adc: PAC1934: fix accessing out of bounds array index
CVE-2024-38632: vfio/pci: fix potential memory leak in vfio_intx_enable()
CVE-2024-38633: serial: max3100: Update uart_driver_registered on driver removal
CVE-2024-38634: serial: max3100: Lock port->lock when calling uart_handle_cts_change()
CVE-2024-38635: soundwire: cadence: fix invalid PDI offset
CVE-2024-38625: fs/ntfs3: Check 'folio' pointer for NULL
CVE-2024-38637: greybus: lights: check return of get_channel_from_mode
CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port
CVE-2024-38662: bpf: Allow delete from sockmap/sockhash only if update is allowed
CVE-2024-38780: dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
CVE-2024-39277: dma-mapping: benchmark: handle NUMA_NO_NODE correctly
CVE-2024-34777: dma-mapping: benchmark: fix node id validation
CVE-2024-36288: SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
CVE-2024-36477: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
CVE-2024-36481: tracing/probes: fix error check in parse_btf_field()

Showing top 20 of 40 CVEs.
