// For flags

CVE-2024-27075

media: dvb-frontends: avoid stack overflow warnings with clang

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

media: dvb-frontends: avoid stack overflow warnings with clang

A previous patch worked around a KASAN issue in stv0367, now a similar
problem showed up with clang:

drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than]
1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe)

Rework the stv0367_writereg() function to be simpler and mark both
register access functions as noinline_for_stack so the temporary
i2c_msg structures do not get duplicated on the stack when KASAN_STACK
is enabled.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: dvb-frontends: evita advertencias de desbordamiento de pila con clang. Un parche anterior solucionó un problema de KASAN en stv0367, ahora apareció un problema similar con clang: drivers/media/dvb- frontends/stv0367.c:1222:12: error: el tamaño del marco de pila (3624) excede el límite (2048) en 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than] 1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe) Vuelva a trabajar la función stv0367_writereg() para que sea más simple y marque ambas funciones de acceso a registros como noinline_for_stack para que las estructuras temporales i2c_msg no se dupliquen en la pila cuando KASAN_STACK esté habilitado.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-05-01 CVE Published
  • 2024-05-02 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 4.19.311
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 4.19.311"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 5.4.273
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.4.273"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 5.10.214
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.10.214"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 5.15.153
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.15.153"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 6.1.83
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.1.83"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 6.6.23
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.6.23"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 6.7.11
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.7.11"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 6.8.2
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.8.2"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 6.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.9"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
4.4.168
Search vendor "Linux" for product "Linux Kernel" and version "4.4.168"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
4.9.82
Search vendor "Linux" for product "Linux Kernel" and version "4.9.82"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
4.14.20
Search vendor "Linux" for product "Linux Kernel" and version "4.14.20"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
4.15.4
Search vendor "Linux" for product "Linux Kernel" and version "4.15.4"
en
Affected