Bug 1746732 (CVE-2019-15505) - CVE-2019-15505 kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c
Summary: CVE-2019-15505 kernel: out of bounds read in drivers/media/usb/dvb-usb/techni...
Keywords:
Status: NEW
Alias: CVE-2019-15505
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1805720 1805721 1805722 1805723 1746734 1805724
Blocks: 1746735
TreeView+ depends on / blocked
 
Reported: 2019-08-29 07:38 UTC by Dhananjay Arunesh
Modified: 2020-02-27 16:40 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds read flaw was found in the DVB USB subsystem of the Linux kernel. There was no boundary check applied to the array in struct technisat_usb2_state state->buf until the 0xff byte is encountered. If the byte is not encountered within the limit, an exposure of kernel data structure occurs. Data confidentiality and system availability are the highest threats with this vulnerability.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-08-29 07:38:14 UTC
A vulnerability was found in technisat_usb2_get_ir in drivers/media/usb/dvb-usb/technisat-usb2.c  in DVB USB subsystem,  there was an out-of-bounds read for an array in struct technisat_usb2_state state->buf  with no boundary check applied  until  0xff byte is encountered, if it is not found with in the limits it goes beyond the array size, this exposes kernel data structure which should not happen.  


Reference:
https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q@gofer.mess.org/
https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b
https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11@gmail.com/

Comment 1 Dhananjay Arunesh 2019-08-29 07:39:41 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1746734]

Comment 7 Eric Christensen 2020-02-27 16:40:06 UTC
Mitigation:

Mitigation for this issue is to skip loading the affected module technisat_usb2 onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.
~~~
How do I blacklist a kernel module to prevent it from loading automatically? 
https://access.redhat.com/solutions/41278  
~~~


Note You need to log in before you can comment on or make changes to this bug.