← volver
CVE-2025-68819

media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()

EPSS 0.2%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 ene 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() rlen value is a user-controlled value, but dtv5100_i2c_msg() does not check the size of the rlen value. Therefore, if it is set to a value larger than sizeof(st->data), an out-of-bounds vuln occurs for st->data. Therefore, we need to add proper range checking to prevent this vuln.
Productos afectados
Linux · Linux