CVE-2024-58059

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Fix deadlock during uvc_probe

If uvc_probe() fails, it can end up calling uvc_status_unregister() before uvc_status_init() is called.

Fix this by checking if dev->status is NULL or not in uvc_status_unregister().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc5fe3ed618f995b4a903e574bf2e993cdebeefca < db577ededf3a18b39567fc1a6209f12a0c4a3c52affected
LinuxLinuxc5fe3ed618f995b4a903e574bf2e993cdebeefca < a67f75c2b5ecf534eab416ce16c11fe780c4f8f6affected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.13.2 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References