CVE-2024-50056

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c

Fix potential dereferencing of ERR_PTR() in find_format_by_pix() and uvc_v4l2_enum_format().

Fix the following smatch errors:

drivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix() error: 'fmtdesc' dereferencing possible ERR_PTR()

drivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format() error: 'fmtdesc' dereferencing possible ERR_PTR()

Also, fix similar issue in uvc_v4l2_try_format() for potential dereferencing of ERR_PTR().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux588b9e85609bcb2f84a2be83591480aa943943b6 < 03fa71e97e9bb116993ec1d51b8a6fe776db0984affected
LinuxLinux588b9e85609bcb2f84a2be83591480aa943943b6 < 72a68d2bede3284b95ee93a5ab3a81758bba95b0affected
LinuxLinux588b9e85609bcb2f84a2be83591480aa943943b6 < cedeb36c3ff4acd0f3d09918dfd8ed1df05efdd6affected
LinuxLinux588b9e85609bcb2f84a2be83591480aa943943b6 < a7bb96b18864225a694e3887ac2733159489e4b0affected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux6.1.133 <= 6.1.*unaffected
LinuxLinux6.6.86 <= 6.6.*unaffected
LinuxLinux6.11.4 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References