Linux Kernel Videobuf2 Legacy File I/O Buffer Removal Vulnerability

Vulnerability

A vulnerability in the Linux kernel's videobuf2 component has been addressed. The issue arose because the vb2_ioctl_remove_bufs() function could interfere with the internal buffer management of queues, potentially corrupting pointers used by the legacy file I/O access mode. To safeguard the internal queue state during consecutive read and write operations, the removal of buffers via this ioctl is now prohibited when legacy file I/O is active.
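The guard described above, as a simplified user-space model added here (not kernel source, and not code from the original advisory). Every `model_*` name is hypothetical, and `-EBUSY` is an assumed error code, since the advisory only says that removal is prohibited.

```c
#include <errno.h>
#include <stddef.h>

#define MAX_BUFS 4

/* Simplified user-space model; all names are hypothetical, not kernel API. */
struct model_buf { int in_use; };

struct model_queue {
    struct model_buf storage[MAX_BUFS]; /* backing memory for the buffers */
    struct model_buf *bufs[MAX_BUFS];   /* the queue's internal buffer list */
    struct model_buf *fileio_cur;       /* pointer kept by the legacy read()/write() path */
    int fileio_active;                  /* set while legacy file I/O owns the queue */
};

void model_queue_init(struct model_queue *q)
{
    for (size_t i = 0; i < MAX_BUFS; i++) {
        q->storage[i].in_use = 1;
        q->bufs[i] = &q->storage[i];
    }
    q->fileio_cur = NULL;
    q->fileio_active = 0;
}

/* Legacy file I/O starts and keeps a pointer into the buffer list. */
void model_fileio_start(struct model_queue *q)
{
    q->fileio_active = 1;
    q->fileio_cur = q->bufs[0];
}

/* Buffer removal with the guard: refuse while legacy file I/O is active, so the
 * pointers that path holds are never invalidated between reads or writes.
 * Returns 0 on success, -EINVAL for a bad range, -EBUSY (assumed) when refused. */
int model_remove_bufs(struct model_queue *q, size_t first, size_t count)
{
    if (q->fileio_active)
        return -EBUSY;
    if (first >= MAX_BUFS || count > MAX_BUFS - first)
        return -EINVAL;
    for (size_t i = first; i < first + count; i++) {
        if (!q->bufs[i])
            continue;
        q->bufs[i]->in_use = 0;
        q->bufs[i] = NULL;
    }
    return 0;
}
```

The state check comes before any range validation or list mutation, so a refused call leaves both the buffer list and the file I/O pointer untouched.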

Impact

Exploitation of this vulnerability could lead to unintended manipulation of the queue's internal buffer list, causing potential overwrites of pointers used by the legacy file I/O access mode.

Reproduction

The vulnerability can be reproduced by invoking the vb2_ioctl_remove_bufs() function while legacy file I/O is active. This will disrupt the internal buffer management, overwriting pointers used by the file I/O access.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux kernel documentation.

Added: Dec 8, 2025, 1:42 AM
Updated: Dec 8, 2025, 1:42 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.