{"uuid": "d8d4f130-3b3d-40b6-b610-0f04eec86187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56769", "type": "seen", "source": "https://t.me/cvedetector/14374", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56769 - DVB-USB KMSAN Uninitialized Value in Dib3000 Frontend\", \n  \"Content\": \"CVE ID : CVE-2024-56769 \nPublished : Jan. 6, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nmedia: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg  \n  \nSyzbot reports [1] an uninitialized value issue found by KMSAN in  \ndib3000_read_reg().  \n  \nLocal u8 rb[2] is used in i2c_transfer() as a read buffer; in case  \nthat call fails, the buffer may end up with some undefined values.  \n  \nSince no elaborate error handling is expected in dib3000_write_reg(),  \nsimply zero out rb buffer to mitigate the problem.  \n  \n[1] Syzkaller report  \ndvb-usb: bulk message failed: -22 (6/0)  \n=====================================================  \nBUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758  \n dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758  \n dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31  \n dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290  \n dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline]  \n dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline]  \n dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310  \n dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110  \n...  \nLocal variable rb created at:  \n dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54  \n dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758  \n... \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T19:26:26.000000Z"}