Description
In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anysee_master_xfer In anysee_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach anysee_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()") [hverkuil: add spaces around +]
Product status
a51e34dd6080d8d5c9e95a4e0292cd4cb889a61b (git) before 73c0b224ceeba12dee2a7a8cbc147648da0b2e63
a51e34dd6080d8d5c9e95a4e0292cd4cb889a61b (git) before e04affec2506ff5c12a18d78d7e694b3556a8982
a51e34dd6080d8d5c9e95a4e0292cd4cb889a61b (git) before 8dc5b370254abc10f0cb4141d90cecf7ce465472
a51e34dd6080d8d5c9e95a4e0292cd4cb889a61b (git) before 4a9763d2bc4a6d6fab42555b9c0b2eefa32585ac
a51e34dd6080d8d5c9e95a4e0292cd4cb889a61b (git) before 3dd5846a873938ec7b6d404ec27662942cd8f2ef
a51e34dd6080d8d5c9e95a4e0292cd4cb889a61b (git) before 14b94154a72388b57221a2a73795c0ea61a95373
a51e34dd6080d8d5c9e95a4e0292cd4cb889a61b (git) before 5975dbbb7ad0767eaabd15d2c37a739ac76acb00
a51e34dd6080d8d5c9e95a4e0292cd4cb889a61b (git) before c30411266fd67ea3c02a05c157231654d5a3bdc9
2.6.27
Any version before 2.6.27
4.14.326 (semver)
4.19.295 (semver)
5.4.257 (semver)
5.10.197 (semver)
5.15.133 (semver)
6.1.55 (semver)
6.5.5 (semver)
6.6 (original_commit_for_fix)
References
git.kernel.org/...c/73c0b224ceeba12dee2a7a8cbc147648da0b2e63
git.kernel.org/...c/e04affec2506ff5c12a18d78d7e694b3556a8982
git.kernel.org/...c/8dc5b370254abc10f0cb4141d90cecf7ce465472
git.kernel.org/...c/4a9763d2bc4a6d6fab42555b9c0b2eefa32585ac
git.kernel.org/...c/3dd5846a873938ec7b6d404ec27662942cd8f2ef
git.kernel.org/...c/14b94154a72388b57221a2a73795c0ea61a95373
git.kernel.org/...c/5975dbbb7ad0767eaabd15d2c37a739ac76acb00
git.kernel.org/...c/c30411266fd67ea3c02a05c157231654d5a3bdc9