A NULL pointer dereference flaw was found in tw5864_handle_frame function in drivers/media/pci/tw5864/tw5864-video.c in TW5864 Series Video media driver. Here a pointer 'vb' assigned but not validated before its use can lead to a denial of service (DoS) problem. This flaw could allow a local attacker with special user privilege (or root) to crash the system or leak internal kernel information. Reference and upstream commit: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2e7682ebfc750177a4944eeb56e97a3f05734528
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1842548]
This was fixed for Fedora in the 5.2 stable kernel rebases.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-20806
Statement: There was not a shipped kernel version that was seen to be affected by this problem. These files are not built into the source code.