PT-2024-8297 · Linux+5 · Linux Kernel+5

Published

2024-02-28

·

Updated

2025-02-03

·

CVE-2024-27075

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a stack overflow in the stv0367 writeregs() function in the dvb-frontends component of the Linux kernel. This can potentially allow an attacker to cause a denial of service. The problem is associated with a stack frame size exceeding the limit in the stv0367ter set frontend() function. To address this, the stv0367 writereg() function is being reworked to be simpler, and register access functions are marked as noinline for stack to prevent temporary i2c msg structures from being duplicated on the stack when KASAN STACK is enabled.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-121

Related Identifiers

BDU:2024-09850
CVE-2024-27075
DLA-3840-1
DLA-3842-1
DSA-5681-1
OESA-2024-1677
OESA-2024-1678
OESA-2024-1679
OESA-2024-1680
OESA-2024-1681
OESA-2024-1682
SUSE-SU-2024:1643-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1870-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2190-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6878-1
USN-6892-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6919-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu