Red Hat Bugzilla – Bug 470366
Backport security fixes in uvcvideo driver
Last modified: 2014-08-31 19:29:04 EDT
Description of problem:
There are two commits in upstream svn (#220 CVE-2008-3496, and #258 (unknown CVE) that need to be backported to the 5.3 uvcvideo driver.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.create a malicious uvc camera
2.attach it to a 5.3 machine
3.attempt to use it
#258 also requires part of #240. Without #240 it is a stack-based buffer
overflow, for extra danger.
*** This bug has been marked as a duplicate of bug 470427 ***