CVE-2024-35830

MEDIUM

Linux Kernel 4.3-6.8.1 - Unauthenticated Device Access via v4l2 Async Registration

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access.

References (11)

Core 11

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Patch

https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24

Patch

https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6

Patch

https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7

Patch

https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a

Patch

https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d

Patch

https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468

Patch

https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496

Patch

https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7

Patch

https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 5.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (30)

debian/debian_linux 10.0

linux/Kernel 4.20.0 - 5.4.273linux

linux/Kernel 4.3.0 - 4.19.311linux

linux/Kernel 5.11.0 - 5.15.153linux

linux/Kernel 5.16.0 - 6.1.83linux

linux/Kernel 5.5.0 - 5.10.214linux

linux/Kernel 6.2.0 - 6.6.23linux

linux/Kernel 6.7.0 - 6.7.11linux

linux/Kernel 6.8.0 - 6.8.2linux

Linux/Linux < 4.3

... and 20 more

Published May 17, 2024

Tracked Since Feb 18, 2026