CVE-2022-48987

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns the media component of the Linux kernel, specifically the v4l2-dv-timings.c file. It involves incorrect input validation in the v4l2 valid dv timings() function, which can lead to integer overflows when userspace passes unusual values. The problem arises when userspace only knows the total blanking and assigns it to one field, causing the sanity checks to fail. To resolve this, a maximum for the total horizontal and vertical blanking has been set, allowing for more flexibility in how userspace fills in these fields. This change is sufficient to avoid integer overflows. The exploitation of this issue may allow an attacker to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.