Vigil@nce: Linux kernel, denial of service via DVB
March 2010 by Vigil@nce
An attacker can send a malformed DVB/MPEG2-TS frame, in order to
block the system.
– Severity: 1/4
– Consequences: denial of service of computer
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 01/03/2010
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The Linux kernel supports DVB (Digital Video Broadcasting). MPEG2
video data are for example received via a satellite dish, the
cable or a digital terrestrial television.
The MPEG2-TS (Transport Stream) protocol for example manages the
error correction, and it is used by DVB.
The RFC 4326 defines ULE (Unidirectional Lightweight
Encapsulation), which is used to transport IP packets on MPEG2-TS.
However, when the ULE Payload Pointer field is 182 or 183, an
infinite loop occurs in the dvb_net_ule() function of the
drivers/media/dvb/dvb-core/dvb_net.c file.
An attacker can therefore send a malformed DVB/MPEG2-TS frame, in
order to block the system.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-9481
– Url: http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-DVB-9481