Linux Kernel AV7110 Underflow Vulnerability in Timestamp Decoder Function

A vulnerability has been addressed in the Linux kernel's handling of user-supplied data in the AV7110 driver. The issue arose in the 'write_ts_to_decoder' function, where a value from the user could lead to a negative length being passed to a subsequent processing function. This vulnerability affects the Linux kernel stable group.

Impact

The vulnerability could potentially allow for improper handling of data, leading to undefined behavior, although the exact consequences of the underflow were not specified.

Reproduction

The vulnerability can be reproduced by sending a crafted timestamp replay command that includes a 'buf[4]' value exceeding the expected range. This will trigger the underflow by allowing a negative length to be calculated and passed to the 'av7110_ipack_instant_repack' function, bypassing the intended bounds checks.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.