An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference.

Reference and upstream commit:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1833453]
This was fixed for Fedora with the 5.5.14 stable kernel update.
Mitigation: In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module gspca_stv06xx. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .
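One way to audit whether the mitigation above is in place on a host, as an added example that is not part of the original report or the linked Red Hat article. It reads a modprobe.d-style directory and distinguishes a `blacklist` line, which only stops alias-based autoloading when the device is plugged in, from an `install ... /bin/false` override, which also stops an explicit `modprobe`. The function name `module_status`, its status strings and the file name `stv06xx.conf` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report how a kernel module is restricted by the *.conf files
# in a modprobe.d-style directory (e.g. /etc/modprobe.d).

# module_status DIR MODULE
# Prints one of:
#   blocked          - blacklist line and install override both present
#   autoload-blocked - blacklist only (explicit modprobe still works)
#   load-blocked     - install override only
#   unprotected      - no matching directive found
module_status() {
    dir=$1
    # modprobe treats '-' and '_' in module names as equivalent.
    mod=$(printf '%s' "$2" | tr '-' '_')
    set -- "$dir"/*.conf
    [ -f "$1" ] || { echo unprotected; return 0; }
    # Strip comments, then look for directives naming the module.
    sed 's/#.*//' "$@" | awk -v mod="$mod" '
        { m = $2; gsub(/-/, "_", m) }
        $1 == "blacklist" && m == mod { bl = 1 }
        $1 == "install" && m == mod &&
            ($3 == "/bin/false" || $3 == "/bin/true") { inst = 1 }
        END {
            if (bl && inst) print "blocked"
            else if (bl)    print "autoload-blocked"
            else if (inst)  print "load-blocked"
            else            print "unprotected"
        }'
}

# Constructed sample: a temporary directory standing in for /etc/modprobe.d.
demo=$(mktemp -d)
printf 'blacklist gspca_stv06xx\ninstall gspca_stv06xx /bin/false\n' \
    > "$demo/stv06xx.conf"
module_status "$demo" gspca_stv06xx   # prints: blocked
rm -rf "$demo"
```

On a real host, run `module_status /etc/modprobe.d gspca_stv06xx`; a module that is already loaded stays loaded until it is removed or the system reboots.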
Statement: This issue is rated as having Low impact because of the preconditions needed to trigger the issue (physical access).