Note:
This project will be discontinued after December 13, 2021. [more]
2017-11-04
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
| Products | Linux_kernel |
| Type | Improper Input Validation (CWE-20) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://usn.ubuntu.com/3631-2/
• https://usn.ubuntu.com/3754-1/ • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html • https://patchwork.linuxtv.org/patch/44566/ • https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ |