CVE-2024-36895

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37

Description: The issue is related to a buffer size problem when parsing configfs lists in the uvc gadget support on 32-bit platforms. A helper function uvcg iter item entries() was introduced to aid with parsing lists of items on configfs attributes stores. However, this function was changed to allocate a variably sized temporary buffer on the heap but wasn't properly updated to check for the maximum buffer size using the computed size instead of the sizeof() operator. As a result, the maximum item size was too small for some UVC configfs attributes, such as dwFrameInteval, which usually has 6-digit item values.

Recommendations: To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider restricting access to the vulnerable uvcg iter item entries() function until a patch is available.