PT-2025-3316 · Linux+7 · Linux Kernel+7
Syzbot · Published 2024-01-06 · Updated 2025-10-03 · CVE-2024-56769
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability has been resolved in the Linux kernel, specifically in the media module, related to the dvb-frontends component, dib3000mb. The issue involves an uninitialized value in the dib3000_write_reg function. The local variable rb is used as a read buffer in i2c_transfer(), and if the call fails, the buffer may contain undefined values. To mitigate the problem, the rb buffer is zeroed out. The vulnerability was reported by Syzbot and found by KMSAN in dib3000_read_reg().
Recommendations
As a temporary workaround, consider initializing the rb buffer to zero in the dib3000_write_reg function to prevent the use of undefined values.
To fully resolve the issue, update to a newer version of the Linux kernel, such as version 6.6.74 or later, which includes the fix for the uninitialized value bug in the dib3000mb component.
Exploit
Fix
Use of Uninitialized Resource
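The failure mode described above, as an added example that is not the kernel driver's code: a user-space C model in which a failed transfer leaves the read buffer rb untouched and the helper still hands its contents to the caller. The names fake_bus, fake_i2c_transfer, read_reg and the stale bytes are constructed for illustration, and returning the value after a failed transfer is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the kernel's i2c message and bus (assumptions). */
struct msg { uint8_t *buf; uint16_t len; int is_read; };
struct fake_bus { int fail; uint16_t reg_value; };

/* Returns the number of messages transferred, or a negative value on error.
 * On error the read buffer is left untouched. */
static int fake_i2c_transfer(struct fake_bus *bus, struct msg *msgs, int n)
{
    if (bus->fail)
        return -5; /* models -EIO */
    for (int i = 0; i < n; i++) {
        if (msgs[i].is_read && msgs[i].len >= 2) {
            msgs[i].buf[0] = (uint8_t)(bus->reg_value >> 8);
            msgs[i].buf[1] = (uint8_t)(bus->reg_value & 0xff);
        }
    }
    return n;
}

/* Hypothetical register read. stale[] models the bytes that happen to occupy
 * rb's stack slot; zero_rb selects the mitigated form (rb zeroed first). */
static uint16_t read_reg(struct fake_bus *bus, uint16_t reg,
                         const uint8_t stale[2], int zero_rb)
{
    uint8_t wb[2] = { (uint8_t)(reg >> 8), (uint8_t)(reg & 0xff) };
    uint8_t rb[2];
    struct msg m[2] = { { wb, 2, 0 }, { rb, 2, 1 } };

    memcpy(rb, stale, sizeof(rb));      /* deterministic model of "uninitialized" */
    if (zero_rb)
        memset(rb, 0, sizeof(rb));      /* mitigation described on the page */
    if (fake_i2c_transfer(bus, m, 2) != 2)
        fprintf(stderr, "i2c read of reg 0x%04x failed\n", (unsigned)reg);
    return (uint16_t)((rb[0] << 8) | rb[1]);   /* assumed: returned even on error */
}

int main(void)
{
    const uint8_t stale[2] = { 0xde, 0xad };   /* constructed stack residue */
    struct fake_bus down = { 1, 0x1234 };      /* bus on which every transfer fails */
    printf("unmitigated: 0x%04x\n", (unsigned)read_reg(&down, 0x10, stale, 0));
    printf("mitigated:   0x%04x\n", (unsigned)read_reg(&down, 0x10, stale, 1));
    return 0;
}
```

In the real driver the leftover bytes are not fixed values, which is why KMSAN flags the read rather than any particular result.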
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu