Severity: 1/4
 Consequences: denial of service of computer
 Provenance: intranet client
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Creation date: 01/03/2010

IMPACTED PRODUCTS

 Linux kernel

DESCRIPTION OF THE VULNERABILITY

The Linux kernel supports DVB (Digital Video Broadcasting). MPEG2 video data are for example received via a satellite dish, the cable or a digital terrestrial television.

The MPEG2-TS (Transport Stream) protocol for example manages the error correction, and it is used by DVB.

The RFC 4326 defines ULE (Unidirectional Lightweight Encapsulation), which is used to transport IP packets on MPEG2-TS.

However, when the ULE Payload Pointer field is 182 or 183, an infinite loop occurs in the dvb_net_ule() function of the drivers/media/dvb/dvb-core/dvb_net.c file.

An attacker can therefore send a malformed DVB/MPEG2-TS frame, in order to block the system.

CHARACTERISTICS

 Identifiers: VIGILANCE-VUL-9481
 Url: http://vigilance.fr/vulnerability/L...