In the Linux kernel, the following vulnerability has been resolved: media: pci: ivtv: Add check for DMA map result In case DMA fails, 'dma->SG_length' is 0. This value is later used to access 'dma->SGarray[dma->SG_length - 1]', which will cause out of bounds access. Add check to return early on invalid value. Adjust warnings accordingly. Found by Linux Verification Center (linuxtesting.org) with SVACE.
History

Thu, 26 Sep 2024 10:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}


Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 21 Aug 2024 23:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 21 Aug 2024 00:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: pci: ivtv: Add check for DMA map result In case DMA fails, 'dma->SG_length' is 0. This value is later used to access 'dma->SGarray[dma->SG_length - 1]', which will cause out of bounds access. Add check to return early on invalid value. Adjust warnings accordingly. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Title media: pci: ivtv: Add check for DMA map result
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-08-21T00:06:29.330Z

Updated: 2024-12-19T09:17:38.961Z

Reserved: 2024-08-17T09:11:59.281Z

Link: CVE-2024-43877

cve-icon Vulnrichment

Updated: 2024-09-11T12:42:22.617Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-21T01:15:12.033

Modified: 2024-08-21T12:30:33.697

Link: CVE-2024-43877

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-08-21T00:00:00Z

Links: CVE-2024-43877 - Bugzilla