234808 – (CVE-2008-3496) Linux =2.6.26 V4L/DVB (8207): uvcvideo: Fix a buffer overflow in format descriptor parsing (CVE-2008-3496)

Bug 234808 (CVE-2008-3496) - Linux =2.6.26 V4L/DVB (8207): uvcvideo: Fix a buffer overflow in format descriptor parsing (CVE-2008-3496)

Summary: Linux =2.6.26 V4L/DVB (8207): uvcvideo: Fix a buffer overflow in format descr...

Status:	RESOLVED FIXED

Alias:	CVE-2008-3496

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[linux >=2.6.26 <2.6.26.1] [gp >=2.6....
Keywords:

Depends on:
Blocks:

Reported:	2008-08-15 11:07 UTC by Robert Buchholz (RETIRED)
Modified:	2013-09-12 04:49 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-08-15 11:07:49 UTC

CVE-2008-3496 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3496):
  Buffer overflow in format descriptor parsing in the uvc_parse_format function
  in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L)
  implementation in the Linux kernel before 2.6.26.1 has unknown impact and
  attack vectors.

Comment 1 kfm 2009-07-23 18:10:02 UTC

Amending Status Whiteboard; the affected driver didn't go mainline until the release of 2.6.26. Given such a narrow scope, it's quite possible that this bug is no longer outstanding.