Linux · Linux Kernel · CVE-2024-36895
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.37
Description:
The issue is related to a buffer size problem when parsing configfs lists in the uvc gadget support on 32-bit platforms. A helper function ` uvcg iter item entries()` was introduced to aid with parsing lists of items on configfs attributes stores. However, this function was changed to allocate a variably sized temporary buffer on the heap but wasn't properly updated to check for the maximum buffer size using the computed size instead of the `sizeof()` operator. As a result, the maximum item size was too small for some UVC configfs attributes, such as `dwFrameInteval`, which usually has 6-digit item values.
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.37 or later.
As a temporary workaround, consider restricting access to the vulnerable ` uvcg iter item entries()` function until a patch is available.