Updated: 2026-01-16 02:29:23.518823
Description:
In the Linux kernel, the following vulnerability has been resolved:

media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()

In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach az6007_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash.

Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
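The length check the description refers to, as an added example: this is a user-space C model, not the az6007 driver's code. `struct xfer_msg`, `former_check`, `read_first_byte`, `xfer_checked` and the `-EIO`/`-EINVAL` return codes are assumptions made for illustration, and `former_check` only models an earlier validation that lets an empty message with a null buffer through.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the two message fields the description names. */
struct xfer_msg {
    uint16_t len;  /* number of bytes in buf */
    uint8_t *buf;  /* may be NULL when len == 0 */
};

/* Assumed model of the "former checks": a buffer is only required for
 * non-empty messages, so {len = 0, buf = NULL} is accepted. */
static int former_check(const struct xfer_msg *m)
{
    return (m->len > 0 && m->buf == NULL) ? -EINVAL : 0;
}

/* Hardened step: check len before reading buf[0]. Without the len test,
 * the empty message above would reach the dereference with buf == NULL. */
static int read_first_byte(const struct xfer_msg *m, uint8_t *out)
{
    if (m->len < 1 || m->buf == NULL)
        return -EIO;  /* too short to carry the byte we need */
    *out = m->buf[0];
    return 0;
}

/* Process a batch; stop at the first message that fails either check. */
static int xfer_checked(const struct xfer_msg *msgs, int num, uint8_t *out)
{
    for (int i = 0; i < num; i++) {
        int ret = former_check(&msgs[i]);
        if (ret == 0)
            ret = read_first_byte(&msgs[i], &out[i]);
        if (ret)
            return ret;
    }
    return 0;
}

int main(void)
{
    uint8_t data[2] = { 0x2a, 0x01 };           /* constructed sample */
    struct xfer_msg msgs[2] = { { 2, data }, { 0, NULL } };
    uint8_t out[2] = { 0, 0 };
    printf("result=%d first=0x%02x\n", xfer_checked(msgs, 2, out), (unsigned)out[0]);
    return 0;
}
```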
| Links | NIST | CIRCL | RHEL | Ubuntu |

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.5 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Released | CLSA-2025:1760546935 | 2025-10-15 20:24:55 | |
| CentOS 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | | 2025-12-18 19:39:09 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | | 2025-12-18 19:39:09 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | | 2025-12-18 19:39:09 | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | | 2025-12-18 19:39:08 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 5.5 | MEDIUM | Ignored | | 2026-01-16 09:28:23 | This issue is confined to the az6007 DVB-USB media driver for specific USB TV‑tuner devices (Azure... |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 5.5 | MEDIUM | Ignored | | 2026-01-16 09:27:10 | This issue is confined to the az6007 DVB-USB media driver for specific USB TV‑tuner devices (Azure... |
| Ubuntu 18.04 ELS | linux | 4.15.0 | 5.5 | MEDIUM | Ignored | | 2026-01-16 09:27:11 | This issue is confined to the az6007 DVB-USB media driver for specific USB TV‑tuner devices (Azure... |