Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1746732 (CVE-2019-15505) - CVE-2019-15505 kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c
Summary: CVE-2019-15505 kernel: out of bounds read in drivers/media/usb/dvb-usb/techni...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-15505
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1746734 1805720 1805721 1805722 1805723 1805724
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-08-29 07:38 UTC by Dhananjay Arunesh
Modified: 2023-10-17 03:55 UTC (History)
45 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds read flaw was found in the DVB USB subsystem of the Linux kernel. There was no boundary check applied to the array in struct technisat_usb2_state state->buf until the 0xff byte is encountered. If the byte is not encountered within the limit, an exposure of kernel data structure occurs. Data confidentiality and system availability are the highest threats with this vulnerability.
Clone Of:
Environment:
Last Closed: 2021-10-27 10:49:05 UTC
Embargoed:


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-08-29 07:38:14 UTC
A vulnerability was found in technisat_usb2_get_ir in drivers/media/usb/dvb-usb/technisat-usb2.c  in DVB USB subsystem,  there was an out-of-bounds read for an array in struct technisat_usb2_state state->buf  with no boundary check applied  until  0xff byte is encountered, if it is not found with in the limits it goes beyond the array size, this exposes kernel data structure which should not happen.  


Reference:
https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q@gofer.mess.org/
https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b
https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11@gmail.com/

Comment 1 Dhananjay Arunesh 2019-08-29 07:39:41 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1746734]

Comment 7 Eric Christensen 2020-02-27 16:40:06 UTC
Mitigation:

Mitigation for this issue is to skip loading the affected module technisat_usb2 onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.
~~~
How do I blacklist a kernel module to prevent it from loading automatically? 
https://access.redhat.com/solutions/41278  
~~~


Note You need to log in before you can comment on or make changes to this bug.