Vigil@nce - Linux kernel: buffer overflow of ttusb-dec
December 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a buffer overflow in ttusb-dec of the
Linux kernel, in order to trigger a denial of service, and
possibly to execute code.
Impacted products: Linux
Severity: 2/4
Creation date: 14/11/2014
DESCRIPTION OF THE VULNERABILITY
The drivers/media/usb/ttusb-dec/ttusbdecfe.c file of the Linux
kernel implements support for DVB-T USB devices.
However, if the size of the data is greater than the size of the
storage array, an overflow occurs in the
ttusbdecfe_dvbs_diseqc_send_master_cmd() function.
An attacker can therefore generate a buffer overflow in ttusb-dec
of the Linux kernel, in order to trigger a denial of service, and
possibly to execute code.
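The length check whose absence is described above, shown in hardened form as an added example (user-space C written for this page, not the kernel's code and not part of the bulletin). The struct layout, the buffer and header sizes, and every demo_ name are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a caller-supplied command: msg_len is
 * attacker-influenced and is not guaranteed to match msg[]. */
struct demo_master_cmd {
    uint8_t msg[6];
    uint8_t msg_len;
};

#define DEMO_HDR_LEN 4   /* assumed: fixed header bytes before the payload */
#define DEMO_BUF_LEN 10  /* assumed: size of the fixed storage array */

/* Stage the command in a fixed-size array. Returns the number of bytes
 * used, or -EINVAL when msg_len would not fit. */
int demo_send_master_cmd(const struct demo_master_cmd *cmd,
                         uint8_t out[DEMO_BUF_LEN])
{
    uint8_t b[DEMO_BUF_LEN] = { 0 };

    /* The check whose absence produces the overflow: bound the length
     * by both the destination space and the source array. */
    if (cmd->msg_len > sizeof(b) - DEMO_HDR_LEN ||
        cmd->msg_len > sizeof(cmd->msg))
        return -EINVAL;

    memcpy(&b[DEMO_HDR_LEN], cmd->msg, cmd->msg_len);
    memcpy(out, b, sizeof(b));
    return DEMO_HDR_LEN + cmd->msg_len;
}

/* Helper: run the function with a constructed command of a given length. */
int demo_try_len(uint8_t len)
{
    struct demo_master_cmd cmd = { { 1, 2, 3, 4, 5, 6 }, len };
    uint8_t out[DEMO_BUF_LEN];

    return demo_send_master_cmd(&cmd, out);
}

int main(void)
{
    printf("len 6 -> %d, len 7 -> %d, len 255 -> %d\n",
           demo_try_len(6), demo_try_len(7), demo_try_len(255));
    return 0;
}
```

Without the bounds test, the first memcpy() would write msg_len bytes past a destination that has room for only six, which is the condition the bulletin describes.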
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-buffer-overflow-of-ttusb-dec-15652