A vulnerability was found in technisat_usb2_get_ir() in drivers/media/usb/dvb-usb/technisat-usb2.c in the DVB USB subsystem. The function reads the array state->buf in struct technisat_usb2_state with no boundary check applied, continuing until a 0xff byte is encountered. If that byte is not found within the limits of the array, the read goes beyond the array size. This out-of-bounds read exposes kernel data structures, which should not happen.

Reference:
https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q@gofer.mess.org/
https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b
https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11@gmail.com/
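
A user-space model of the scan described above, shown beside a bounded form. This is an added example, not the driver's code or the upstream fix; the buffer size, function names and sample bytes are assumptions, and only the 0xff terminator comes from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IR_END  0xff  /* terminator byte named in the report */
#define BUF_LEN 8     /* assumed size for this model, not the driver's */

/* Unbounded pattern: walks until it sees 0xff and never checks the array
 * size. Correct only if the caller guarantees a terminator is present. */
static size_t count_samples_unbounded(const uint8_t *buf)
{
    const uint8_t *b = buf;
    while (*b != IR_END)
        b++;
    return (size_t)(b - buf);
}

/* Bounded form: stops at the terminator or at the end of the array,
 * whichever comes first. Returns 0 and stores the sample count when the
 * terminator is found, -1 when the buffer holds no terminator. */
static int count_samples_bounded(const uint8_t *buf, size_t len, size_t *count)
{
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == IR_END) {
            *count = i;
            return 0;
        }
    }
    return -1; /* malformed input: reject instead of reading past the array */
}

/* Constructed sample buffers, one with and one without the terminator. */
static const uint8_t terminated[BUF_LEN]   = { 0x10, 0x22, 0x31, 0xff, 0, 0, 0, 0 };
static const uint8_t unterminated[BUF_LEN] = { 0x10, 0x22, 0x31, 0x40, 0x51, 0x62, 0x73, 0x04 };

int main(void)
{
    size_t n = 0;
    printf("unbounded, terminated: %zu samples\n", count_samples_unbounded(terminated));
    if (count_samples_bounded(terminated, BUF_LEN, &n) == 0)
        printf("bounded, terminated: %zu samples\n", n);
    /* count_samples_unbounded(unterminated) would read past the array. */
    if (count_samples_bounded(unterminated, BUF_LEN, &n) != 0)
        printf("bounded, unterminated: rejected\n");
    return 0;
}
```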
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1746734]
Mitigation: The mitigation for this issue is to skip loading the affected module technisat_usb2 onto the system until a fix is available. This can be done with a blacklist mechanism, which ensures the driver is not loaded at boot time.
~~~
How do I blacklist a kernel module to prevent it from loading automatically?
https://access.redhat.com/solutions/41278
~~~