Bug 246340 (CVE-2008-5033)

Summary:	Kernel: <2.6.25.19 <2.6.26.7 <2.6.27.3 drivers/media/video/tvaudio.c DOS (CVE-2008-5033)
Product:	Gentoo Security	Reporter:	stupendoussteve
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	kernel
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1
Whiteboard:	[linux <2.6.25.19] [linux >=2.6.26 <2.6.26.7] [linux >=2.6.27 <2.6.27.3] [gp < 2.6.26-4] [gp >= 2.6.27-1 < 2.6.27-3]
Package list:		Runtime testing required:	---

Description stupendoussteve 2008-11-10 20:48:38 UTC

The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors.

Appears the fix was simple:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1

Reproducible: Always

Comment 1 Axel Dyks 2008-12-14 21:37:16 UTC

At least fixed for latest 2.6.26/27

  * 2.6.26.8 --> gentoo-sources-2.6.26-r4
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commitdiff;h=7afc74502277568d6f9c5a4542fb63e26e272638

  * 2.6.27.9 --> gentoo-sources-2.6.27-r6
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commitdiff;h=cd9f58efb861a86283931f3db17aa2a4fe4da642

So, what prevents us from closing this bug? :-)

Comment 2 kfm 2009-07-23 17:38:04 UTC

Added genpatches annotations to Status Whiteboard. Re Comment 1 - the answer is that gentoo-sources is not the only ebuild in the sys-kernel/ namespace and that, for as long as there are affected ebuilds in the tree, the bug remains outstanding, irrespective of whether the more popular ebuilds are unaffected.

Removing hardened-kernel as its 2.6.25 incarnation contains 2.6.25.20.