PT-2019-7248 · Linux+4 · Linux Kernel+4

Published: 2015-08-12 · Updated: 2020-04-08 · CVE-2015-9289

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.1.4

Description

A buffer overflow occurs when checking userspace parameters in the drivers/media/dvb-frontends/cx24116.c file. The maximum size for a DiSEqC command is 6, according to the userspace API, but the code allows larger values, such as 23.

Recommendations

For versions prior to 4.1.4, update to version 4.1.4 or later to resolve the issue. As a temporary workaround, consider restricting the size of DiSEqC commands to the maximum allowed value of 6 to minimize the risk of exploitation.
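The length check described above, modelled in user-space C as an added example; this is not the kernel's code. The struct, the function names and the driver buffer size (30) and offset (6) are assumptions chosen for illustration; only the API limit of 6 and the sample length 23 come from the description.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DISEQC_MAX_MSG 6   /* API limit stated in the description */
#define DRV_CMD_ARGS   30  /* assumed size of the driver's command buffer */
#define DRV_MSG_OFFSET 6   /* assumed offset of the message in that buffer */

/* Hypothetical model of the userspace request: 6 payload bytes plus a length. */
struct diseqc_cmd {
    uint8_t msg[DISEQC_MAX_MSG];
    uint8_t msg_len;
};

/* Weak check (assumed shape): msg_len is bounded only by the room left in
 * the destination buffer, so 23 passes and a copy of msg_len bytes would
 * read past the end of msg[]. */
static int check_len_weak(const struct diseqc_cmd *d)
{
    if (d->msg_len > DRV_CMD_ARGS - DRV_MSG_OFFSET)
        return -EINVAL;
    return 0;
}

/* Hardened check: msg_len is bounded by the source array the API defines. */
static int check_len_strict(const struct diseqc_cmd *d)
{
    if (d->msg_len > sizeof(d->msg))
        return -EINVAL;
    return 0;
}

/* Copies the message into the command buffer only after the strict check.
 * Returns the number of bytes copied, or -EINVAL for an oversized request. */
static int build_cmd(const struct diseqc_cmd *d, uint8_t out[DRV_CMD_ARGS])
{
    int ret = check_len_strict(d);

    if (ret)
        return ret;
    memset(out, 0, DRV_CMD_ARGS);
    memcpy(out + DRV_MSG_OFFSET, d->msg, d->msg_len);
    return d->msg_len;
}
```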

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1678
ALT-PU-2015-1849
CESA-2020_1016
CVE-2015-9289
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020_1016
RHSA-2020_1070
SUSE-SU-2019:14157-1
SUSE-SU-2019_14157-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse