Bug 470426 (CVE-2008-3496) - CVE-2008-3496 kernel: uvcvideo: Fix a buffer overflow in format descriptor parsing
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2008-3496
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 470427
Blocks:
 
Reported: 2008-11-07 05:21 UTC by Eugene Teo (Security Response)
Modified: 2021-11-12 19:51 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-21 17:51:38 UTC
Embargoed:


Attachments
Proposed upstream patch (1.12 KB, patch)
2008-11-07 05:24 UTC, Eugene Teo (Security Response)

Description Eugene Teo (Security Response) 2008-11-07 05:21:08 UTC
Description of problem:
There's a buffer overflow in the format descriptor parsing in the uvcvideo driver.

Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=233548a2fd934a0220db8b1521c0bc88c82e5e53

Comment 1 Eugene Teo (Security Response) 2008-11-07 05:24:10 UTC
Created attachment 322814
Proposed upstream patch

