Description
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() rlen value is a user-controlled value, but dtv5100_i2c_msg() does not check the size of the rlen value. Therefore, if it is set to a value larger than sizeof(st->data), an out-of-bounds vuln occurs for st->data. Therefore, we need to add proper range checking to prevent this vuln.
Product status
60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 (git) before c2c293ea7b61f12cdaad1e99a5b4efc58c88960a
60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 (git) before c2305b4c5fc15e20ac06c35738e0578eb4323750
60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 (git) before 61f214a878e96e2a8750bf96a98f78c658dba60c
60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 (git) before 4a54d8fcb093761e4c56eb211cf4e39bf8401fa1
60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 (git) before fe3e129ab49806aaaa3f22067ebc75c2dfbe4658
60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 (git) before ac92151ff2494130d9fc686055d6bbb9743a673e
60688d5e6e6e2ae62f29762d1e3b2aec2dbd3817 (git) before b91e6aafe8d356086cc621bc03e35ba2299e4788
2.6.28
Any version before 2.6.28
5.10.248 (semver)
5.15.198 (semver)
6.1.160 (semver)
6.6.120 (semver)
6.12.64 (semver)
6.18.3 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/c2c293ea7b61f12cdaad1e99a5b4efc58c88960a
git.kernel.org/...c/c2305b4c5fc15e20ac06c35738e0578eb4323750
git.kernel.org/...c/61f214a878e96e2a8750bf96a98f78c658dba60c
git.kernel.org/...c/4a54d8fcb093761e4c56eb211cf4e39bf8401fa1
git.kernel.org/...c/fe3e129ab49806aaaa3f22067ebc75c2dfbe4658
git.kernel.org/...c/ac92151ff2494130d9fc686055d6bbb9743a673e
git.kernel.org/...c/b91e6aafe8d356086cc621bc03e35ba2299e4788