SB20240620208 - Use of uninitialized resource in Linux kernel usb dvb-usb-v2 driver
Published: June 20, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240620208
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2021-47583)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mxl111sf_init() and mxl111sf_get_stream_config_dvbt() functions in drivers/media/usb/dvb-usb-v2/mxl111sf.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/4b2d9600b31f9ba7adbc9f3c54a068615d27b390
- https://git.kernel.org/stable/c/96f182c9f48b984447741f054ec301fdc8517035
- https://git.kernel.org/stable/c/b99bdf127af91d53919e96292c05f737c45ea59a
- https://git.kernel.org/stable/c/8c6fdf62bfe1bc72bfceeaf832ef7499c7ed09ba
- https://git.kernel.org/stable/c/44870a9e7a3c24acbb3f888b2a7cc22c9bdf7e7f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.88
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.168