Linux Kernel Array Index Out-of-Bounds Vulnerability in pvrusb2 Media Driver

Vulnerability

An array index out-of-bounds vulnerability has been identified in the Linux kernel's pvrusb2 media driver. The issue arises because the unit_number is initialized to -1 and, if the initialization table walk fails, this value remains unchanged. The code then uses this unvalidated value for array indexing, leading to potential out-of-bounds access. The vulnerability was reported by Syzbot.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, which may cause a denial of service or potentially allow for arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Array Index Out-of-Bounds Vulnerability in pvrusb2 Media Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating