A flaw possible out of bounds write in the Linux kernel found. Due to improper input validation, in v4l2_m2m_querybuf of v4l2-mem2mem.c, out of bounds write could happen when user calls ioctl VIDIOC_QUERYBUF with mmap the capture buffer directly from userspace using values from DQBUF. As result, it can lead to local escalation of privilege. The user need to have system execution privileges to trigger this. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=8310ca94075e784bbb06593cd6c068ee6b6e4ca6
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2137511]
This was fixed for Fedora with the 5.16.19 stable kernel updates.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-20369