CVE-2025-38558 (GCVE-0-2025-38558)

Vulnerability from cvelistv5 – Published: 2025-08-19 17:02 – Updated: 2025-09-29 05:53
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to uninitialized color matching descriptor for frame-based format which was added in commit f5e7bdd34aca ("usb: gadget: uvc: Allow creating new color matching descriptors") that added handling for uncompressed and mjpeg format. Crash is seen when userspace configuration (via configfs) does not explicitly define the color matching descriptor. If color_matching is not found, config_group_find_item() returns NULL. The code then jumps to out_put_cm, where it calls config_item_put(color_matching);. If color_matching is NULL, this will dereference a null pointer, leading to a crash. [ 2.746440] Unable to handle kernel NULL pointer dereference at virtual address 000000000000008c [ 2.756273] Mem abort info: [ 2.760080] ESR = 0x0000000096000005 [ 2.764872] EC = 0x25: DABT (current EL), IL = 32 bits [ 2.771068] SET = 0, FnV = 0 [ 2.771069] EA = 0, S1PTW = 0 [ 2.771070] FSC = 0x05: level 1 translation fault [ 2.771071] Data abort info: [ 2.771072] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 2.771073] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 2.771074] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 2.771075] user pgtable: 4k pages, 39-bit VAs, pgdp=00000000a3e59000 [ 2.771077] [000000000000008c] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 2.771081] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 2.771084] Dumping ftrace buffer: [ 2.771085] (ftrace buffer empty) [ 2.771138] CPU: 7 PID: 486 Comm: ln Tainted: G W E 6.6.58-android15 [ 2.771139] Hardware name: Qualcomm Technologies, Inc. SunP QRD HDK (DT) [ 2.771140] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2.771141] pc : __uvcg_fill_strm+0x198/0x2cc [ 2.771145] lr : __uvcg_iter_strm_cls+0xc8/0x17c [ 2.771146] sp : ffffffc08140bbb0 [ 2.771146] x29: ffffffc08140bbb0 x28: ffffff803bc81380 x27: ffffff8023bbd250 [ 2.771147] x26: ffffff8023bbd250 x25: ffffff803c361348 x24: ffffff803d8e6768 [ 2.771148] x23: 0000000000000004 x22: 0000000000000003 x21: ffffffc08140bc48 [ 2.771149] x20: 0000000000000000 x19: ffffffc08140bc48 x18: ffffffe9f8cf4a00 [ 2.771150] x17: 000000001bf64ec3 x16: 000000001bf64ec3 x15: ffffff8023bbd250 [ 2.771151] x14: 000000000000000f x13: 004c4b40000f4240 x12: 000a2c2a00051615 [ 2.771152] x11: 000000000000004f x10: ffffffe9f76b40ec x9 : ffffffe9f7e389d0 [ 2.771153] x8 : ffffff803d0d31ce x7 : 000f4240000a2c2a x6 : 0005161500028b0a [ 2.771154] x5 : ffffff803d0d31ce x4 : 0000000000000003 x3 : 0000000000000000 [ 2.771155] x2 : ffffffc08140bc50 x1 : ffffffc08140bc48 x0 : 0000000000000000 [ 2.771156] Call trace: [ 2.771157] __uvcg_fill_strm+0x198/0x2cc [ 2.771157] __uvcg_iter_strm_cls+0xc8/0x17c [ 2.771158] uvcg_streaming_class_allow_link+0x240/0x290 [ 2.771159] configfs_symlink+0x1f8/0x630 [ 2.771161] vfs_symlink+0x114/0x1a0 [ 2.771163] do_symlinkat+0x94/0x28c [ 2.771164] __arm64_sys_symlinkat+0x54/0x70 [ 2.771164] invoke_syscall+0x58/0x114 [ 2.771166] el0_svc_common+0x80/0xe0 [ 2.771168] do_el0_svc+0x1c/0x28 [ 2.771169] el0_svc+0x3c/0x70 [ 2.771172] el0t_64_sync_handler+0x68/0xbc [ 2.771173] el0t_64_sync+0x1a8/0x1ac Initialize color matching descriptor for frame-based format to prevent NULL pointer crash by mirroring the handling done for uncompressed and mjpeg formats.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 7b5a58952fc3b51905c2963647485565df1e5e26 , < 6db61c1aa23075eeee90e083ca3f6567a5635da6 (git)
Affected: 7b5a58952fc3b51905c2963647485565df1e5e26 , < 7f8576fc9d1a203d12474bf52710c7af68cae490 (git)
Affected: 7b5a58952fc3b51905c2963647485565df1e5e26 , < 323a80a1a5ace319a722909c006d5bdb2a35d273 (git)
Create a notification for this product.
    Linux Linux Affected: 6.13
Unaffected: 0 , < 6.13 (semver)
Unaffected: 6.15.10 , ≤ 6.15.* (semver)
Unaffected: 6.16.1 , ≤ 6.16.* (semver)
Unaffected: 6.17 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/uvc_configfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6db61c1aa23075eeee90e083ca3f6567a5635da6",
              "status": "affected",
              "version": "7b5a58952fc3b51905c2963647485565df1e5e26",
              "versionType": "git"
            },
            {
              "lessThan": "7f8576fc9d1a203d12474bf52710c7af68cae490",
              "status": "affected",
              "version": "7b5a58952fc3b51905c2963647485565df1e5e26",
              "versionType": "git"
            },
            {
              "lessThan": "323a80a1a5ace319a722909c006d5bdb2a35d273",
              "status": "affected",
              "version": "7b5a58952fc3b51905c2963647485565df1e5e26",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/uvc_configfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.13"
            },
            {
              "lessThan": "6.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Initialize frame-based format color matching descriptor\n\nFix NULL pointer crash in uvcg_framebased_make due to uninitialized color\nmatching descriptor for frame-based format which was added in\ncommit f5e7bdd34aca (\"usb: gadget: uvc: Allow creating new color matching\ndescriptors\") that added handling for uncompressed and mjpeg format.\n\nCrash is seen when userspace configuration (via configfs) does not\nexplicitly define the color matching descriptor. If color_matching is not\nfound, config_group_find_item() returns NULL. The code then jumps to\nout_put_cm, where it calls config_item_put(color_matching);. If\ncolor_matching is NULL, this will dereference a null pointer, leading to a\ncrash.\n\n[    2.746440] Unable to handle kernel NULL pointer dereference at virtual address 000000000000008c\n[    2.756273] Mem abort info:\n[    2.760080]   ESR = 0x0000000096000005\n[    2.764872]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    2.771068]   SET = 0, FnV = 0\n[    2.771069]   EA = 0, S1PTW = 0\n[    2.771070]   FSC = 0x05: level 1 translation fault\n[    2.771071] Data abort info:\n[    2.771072]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[    2.771073]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    2.771074]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    2.771075] user pgtable: 4k pages, 39-bit VAs, pgdp=00000000a3e59000\n[    2.771077] [000000000000008c] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[    2.771081] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[    2.771084] Dumping ftrace buffer:\n[    2.771085]    (ftrace buffer empty)\n[    2.771138] CPU: 7 PID: 486 Comm: ln Tainted: G        W   E      6.6.58-android15\n[    2.771139] Hardware name: Qualcomm Technologies, Inc. SunP QRD HDK (DT)\n[    2.771140] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[    2.771141] pc : __uvcg_fill_strm+0x198/0x2cc\n[    2.771145] lr : __uvcg_iter_strm_cls+0xc8/0x17c\n[    2.771146] sp : ffffffc08140bbb0\n[    2.771146] x29: ffffffc08140bbb0 x28: ffffff803bc81380 x27: ffffff8023bbd250\n[    2.771147] x26: ffffff8023bbd250 x25: ffffff803c361348 x24: ffffff803d8e6768\n[    2.771148] x23: 0000000000000004 x22: 0000000000000003 x21: ffffffc08140bc48\n[    2.771149] x20: 0000000000000000 x19: ffffffc08140bc48 x18: ffffffe9f8cf4a00\n[    2.771150] x17: 000000001bf64ec3 x16: 000000001bf64ec3 x15: ffffff8023bbd250\n[    2.771151] x14: 000000000000000f x13: 004c4b40000f4240 x12: 000a2c2a00051615\n[    2.771152] x11: 000000000000004f x10: ffffffe9f76b40ec x9 : ffffffe9f7e389d0\n[    2.771153] x8 : ffffff803d0d31ce x7 : 000f4240000a2c2a x6 : 0005161500028b0a\n[    2.771154] x5 : ffffff803d0d31ce x4 : 0000000000000003 x3 : 0000000000000000\n[    2.771155] x2 : ffffffc08140bc50 x1 : ffffffc08140bc48 x0 : 0000000000000000\n[    2.771156] Call trace:\n[    2.771157]  __uvcg_fill_strm+0x198/0x2cc\n[    2.771157]  __uvcg_iter_strm_cls+0xc8/0x17c\n[    2.771158]  uvcg_streaming_class_allow_link+0x240/0x290\n[    2.771159]  configfs_symlink+0x1f8/0x630\n[    2.771161]  vfs_symlink+0x114/0x1a0\n[    2.771163]  do_symlinkat+0x94/0x28c\n[    2.771164]  __arm64_sys_symlinkat+0x54/0x70\n[    2.771164]  invoke_syscall+0x58/0x114\n[    2.771166]  el0_svc_common+0x80/0xe0\n[    2.771168]  do_el0_svc+0x1c/0x28\n[    2.771169]  el0_svc+0x3c/0x70\n[    2.771172]  el0t_64_sync_handler+0x68/0xbc\n[    2.771173]  el0t_64_sync+0x1a8/0x1ac\n\nInitialize color matching descriptor for frame-based format to prevent\nNULL pointer crash by mirroring the handling done for uncompressed and\nmjpeg formats."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:53:45.730Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6db61c1aa23075eeee90e083ca3f6567a5635da6"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f8576fc9d1a203d12474bf52710c7af68cae490"
        },
        {
          "url": "https://git.kernel.org/stable/c/323a80a1a5ace319a722909c006d5bdb2a35d273"
        }
      ],
      "title": "usb: gadget: uvc: Initialize frame-based format color matching descriptor",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38558",
    "datePublished": "2025-08-19T17:02:36.355Z",
    "dateReserved": "2025-04-16T04:51:24.025Z",
    "dateUpdated": "2025-09-29T05:53:45.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38558\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-19T17:15:32.100\",\"lastModified\":\"2025-11-28T14:42:30.450\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nusb: gadget: uvc: Initialize frame-based format color matching descriptor\\n\\nFix NULL pointer crash in uvcg_framebased_make due to uninitialized color\\nmatching descriptor for frame-based format which was added in\\ncommit f5e7bdd34aca (\\\"usb: gadget: uvc: Allow creating new color matching\\ndescriptors\\\") that added handling for uncompressed and mjpeg format.\\n\\nCrash is seen when userspace configuration (via configfs) does not\\nexplicitly define the color matching descriptor. If color_matching is not\\nfound, config_group_find_item() returns NULL. The code then jumps to\\nout_put_cm, where it calls config_item_put(color_matching);. If\\ncolor_matching is NULL, this will dereference a null pointer, leading to a\\ncrash.\\n\\n[    2.746440] Unable to handle kernel NULL pointer dereference at virtual address 000000000000008c\\n[    2.756273] Mem abort info:\\n[    2.760080]   ESR = 0x0000000096000005\\n[    2.764872]   EC = 0x25: DABT (current EL), IL = 32 bits\\n[    2.771068]   SET = 0, FnV = 0\\n[    2.771069]   EA = 0, S1PTW = 0\\n[    2.771070]   FSC = 0x05: level 1 translation fault\\n[    2.771071] Data abort info:\\n[    2.771072]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\\n[    2.771073]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\\n[    2.771074]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\\n[    2.771075] user pgtable: 4k pages, 39-bit VAs, pgdp=00000000a3e59000\\n[    2.771077] [000000000000008c] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\\n[    2.771081] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\\n[    2.771084] Dumping ftrace buffer:\\n[    2.771085]    (ftrace buffer empty)\\n[    2.771138] CPU: 7 PID: 486 Comm: ln Tainted: G        W   E      6.6.58-android15\\n[    2.771139] Hardware name: Qualcomm Technologies, Inc. SunP QRD HDK (DT)\\n[    2.771140] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\\n[    2.771141] pc : __uvcg_fill_strm+0x198/0x2cc\\n[    2.771145] lr : __uvcg_iter_strm_cls+0xc8/0x17c\\n[    2.771146] sp : ffffffc08140bbb0\\n[    2.771146] x29: ffffffc08140bbb0 x28: ffffff803bc81380 x27: ffffff8023bbd250\\n[    2.771147] x26: ffffff8023bbd250 x25: ffffff803c361348 x24: ffffff803d8e6768\\n[    2.771148] x23: 0000000000000004 x22: 0000000000000003 x21: ffffffc08140bc48\\n[    2.771149] x20: 0000000000000000 x19: ffffffc08140bc48 x18: ffffffe9f8cf4a00\\n[    2.771150] x17: 000000001bf64ec3 x16: 000000001bf64ec3 x15: ffffff8023bbd250\\n[    2.771151] x14: 000000000000000f x13: 004c4b40000f4240 x12: 000a2c2a00051615\\n[    2.771152] x11: 000000000000004f x10: ffffffe9f76b40ec x9 : ffffffe9f7e389d0\\n[    2.771153] x8 : ffffff803d0d31ce x7 : 000f4240000a2c2a x6 : 0005161500028b0a\\n[    2.771154] x5 : ffffff803d0d31ce x4 : 0000000000000003 x3 : 0000000000000000\\n[    2.771155] x2 : ffffffc08140bc50 x1 : ffffffc08140bc48 x0 : 0000000000000000\\n[    2.771156] Call trace:\\n[    2.771157]  __uvcg_fill_strm+0x198/0x2cc\\n[    2.771157]  __uvcg_iter_strm_cls+0xc8/0x17c\\n[    2.771158]  uvcg_streaming_class_allow_link+0x240/0x290\\n[    2.771159]  configfs_symlink+0x1f8/0x630\\n[    2.771161]  vfs_symlink+0x114/0x1a0\\n[    2.771163]  do_symlinkat+0x94/0x28c\\n[    2.771164]  __arm64_sys_symlinkat+0x54/0x70\\n[    2.771164]  invoke_syscall+0x58/0x114\\n[    2.771166]  el0_svc_common+0x80/0xe0\\n[    2.771168]  do_el0_svc+0x1c/0x28\\n[    2.771169]  el0_svc+0x3c/0x70\\n[    2.771172]  el0t_64_sync_handler+0x68/0xbc\\n[    2.771173]  el0t_64_sync+0x1a8/0x1ac\\n\\nInitialize color matching descriptor for frame-based format to prevent\\nNULL pointer crash by mirroring the handling done for uncompressed and\\nmjpeg formats.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: uvc: Inicializar descriptor de coincidencia de color de formato basado en frame. Se corrige el fallo del puntero nulo en uvcg_framebased_make debido a un descriptor de coincidencia de color no inicializado para el formato basado en frame, que se a\u00f1adi\u00f3 en el commit f5e7bdd34aca (\\\"usb: gadget: uvc: Permitir la creaci\u00f3n de nuevos descriptores de coincidencia de color\\\") que agreg\u00f3 el manejo para el formato sin comprimir y mjpeg. El fallo se observa cuando la configuraci\u00f3n del espacio de usuario (a trav\u00e9s de configfs) no define expl\u00edcitamente el descriptor de coincidencia de color. Si no se encuentra color_matching, config_group_find_item() devuelve NULL. El c\u00f3digo luego salta a out_put_cm, donde llama a config_item_put(color_matching);. Si color_matching es NULL, esto desreferenciar\u00e1 un puntero nulo, lo que provocar\u00e1 un fallo. [ 2.746440] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 000000000000008c [ 2.756273] Informaci\u00f3n de aborto de memoria: [ 2.760080] ESR = 0x0000000096000005 [ 2.764872] EC = 0x25: DABT (current EL), IL = 32 bits [ 2.771068] SET = 0, FnV = 0 [ 2.771069] EA = 0, S1PTW = 0 [ 2.771070] FSC = 0x05: level 1 translation fault [ 2.771071] Data abort info: [ 2.771072] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 2.771073] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 2.771074] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 2.771075] user pgtable: 4k pages, 39-bit VAs, pgdp=00000000a3e59000 [ 2.771077] [000000000000008c] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 2.771081] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 2.771084] Dumping ftrace buffer: [ 2.771085] (ftrace buffer empty) [ 2.771138] CPU: 7 PID: 486 Comm: ln Tainted: G W E 6.6.58-android15 [ 2.771139] Hardware name: Qualcomm Technologies, Inc. SunP QRD HDK (DT) [ 2.771140] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2.771141] pc : __uvcg_fill_strm+0x198/0x2cc [ 2.771145] lr : __uvcg_iter_strm_cls+0xc8/0x17c [ 2.771146] sp : ffffffc08140bbb0 [ 2.771146] x29: ffffffc08140bbb0 x28: ffffff803bc81380 x27: ffffff8023bbd250 [ 2.771147] x26: ffffff8023bbd250 x25: ffffff803c361348 x24: ffffff803d8e6768 [ 2.771148] x23: 0000000000000004 x22: 0000000000000003 x21: ffffffc08140bc48 [ 2.771149] x20: 0000000000000000 x19: ffffffc08140bc48 x18: ffffffe9f8cf4a00 [ 2.771150] x17: 000000001bf64ec3 x16: 000000001bf64ec3 x15: ffffff8023bbd250 [ 2.771151] x14: 000000000000000f x13: 004c4b40000f4240 x12: 000a2c2a00051615 [ 2.771152] x11: 000000000000004f x10: ffffffe9f76b40ec x9 : ffffffe9f7e389d0 [ 2.771153] x8 : ffffff803d0d31ce x7 : 000f4240000a2c2a x6 : 0005161500028b0a [ 2.771154] x5 : ffffff803d0d31ce x4 : 0000000000000003 x3 : 0000000000000000 [ 2.771155] x2 : ffffffc08140bc50 x1 : ffffffc08140bc48 x0 : 0000000000000000 [ 2.771156] Call trace: [ 2.771157] __uvcg_fill_strm+0x198/0x2cc [ 2.771157] __uvcg_iter_strm_cls+0xc8/0x17c [ 2.771158] uvcg_streaming_class_allow_link+0x240/0x290 [ 2.771159] configfs_symlink+0x1f8/0x630 [ 2.771161] vfs_symlink+0x114/0x1a0 [ 2.771163] do_symlinkat+0x94/0x28c [ 2.771164] __arm64_sys_symlinkat+0x54/0x70 [ 2.771164] invoke_syscall+0x58/0x114 [ 2.771166] el0_svc_common+0x80/0xe0 [ 2.771168] do_el0_svc+0x1c/0x28 [ 2.771169] el0_svc+0x3c/0x70 [ 2.771172] el0t_64_sync_handler+0x68/0xbc [ 2.771173] el0t_64_sync+0x1a8/0x1ac Inicializa el descriptor de coincidencia de color para el formato basado en frame para evitar el bloqueo del puntero NULL reflejando el manejo realizado para los formatos sin comprimir y mjpeg.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.15.10\",\"matchCriteriaId\":\"5890C690-B295-40C2-9121-FF5F987E5142\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.16\",\"versionEndExcluding\":\"6.16.1\",\"matchCriteriaId\":\"58182352-D7DF-4CC9-841E-03C1D852C3FB\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/323a80a1a5ace319a722909c006d5bdb2a35d273\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6db61c1aa23075eeee90e083ca3f6567a5635da6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7f8576fc9d1a203d12474bf52710c7af68cae490\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.