Linux kernel
cpe:2.3:o:kernel:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's usbtv driver can lead to a crash when streaming video. This occurs if one program changes the TV standard from NTSC to PAL while another is actively streaming. The switch to PAL increases the resolution in the usbtv structure, but the corresponding video buffer isn't properly adjusted, causing an overflow and a crash due to an attempt to access unmapped memory.
The vulnerability causes a kernel crash by attempting to access unmapped memory, leading to a denial of service.
To reproduce this vulnerability, stream video using a program like ffplay. While the video is streaming, use another program, such as qv4l2, to change the TV standard from NTSC to PAL. This will trigger the kernel crash by causing an overflow in the video buffer, as the usbtv structure's resolution is increased without a proper adjustment to the video plane buffer.
Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux documentation.
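The condition behind this crash, as an added user-space C model (not the usbtv driver's code and not the upstream patch): buffers are sized when streaming starts, so a later resolution increase means a frame no longer fits unless the standard change is refused while streaming. The struct and function names, the -EBUSY guard, and the 720x480 / 720x576 geometry at 2 bytes per pixel are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not the driver's. */
enum norm { NORM_NTSC, NORM_PAL };

struct capture_dev {
    int width, height;   /* resolution implied by the current TV standard */
    size_t plane_size;   /* bytes per video buffer, fixed when streaming starts */
    int streaming;       /* nonzero while buffers are in use */
};

/* Assumed geometry: 720x480 (NTSC), 720x576 (PAL), 2 bytes per pixel. */
static size_t frame_bytes(const struct capture_dev *d)
{
    return (size_t)d->width * (size_t)d->height * 2;
}

static void apply_norm(struct capture_dev *d, enum norm n)
{
    d->width = 720;
    d->height = (n == NORM_PAL) ? 576 : 480;
}

/* With guarded != 0, refuse a resolution change while buffers are in use. */
static int set_norm(struct capture_dev *d, enum norm n, int guarded)
{
    if (guarded && d->streaming)
        return -EBUSY;
    apply_norm(d, n);
    return 0;
}

/* Start an NTSC stream, request PAL mid-stream, report if a frame still fits. */
static int frame_fits_after_switch(int guarded, int *rc)
{
    struct capture_dev d = {0};
    apply_norm(&d, NORM_NTSC);
    d.plane_size = frame_bytes(&d);   /* buffers sized for NTSC */
    d.streaming = 1;
    *rc = set_norm(&d, NORM_PAL, guarded);
    return frame_bytes(&d) <= d.plane_size;
}

int main(void)
{
    int rc, fits = frame_fits_after_switch(0, &rc);
    printf("unguarded: rc=%d frame_fits=%d\n", rc, fits);
    fits = frame_fits_after_switch(1, &rc);
    printf("guarded:   rc=%d frame_fits=%d\n", rc, fits);
}
```

In the unguarded run the switch succeeds and the frame no longer fits the NTSC-sized buffer; in the guarded run the request fails and the buffer size still matches the resolution.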