CVE-2020-11609: 
Linux Kernel vulnerability analysis and mitigation

An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. The vulnerability affects drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c files, where invalid descriptors are mishandled, leading to a NULL pointer dereference (CVE ID: CVE-2020-11609). The vulnerability was discovered in April 2020 and affects Linux kernel versions prior to 5.6.1 (Kernel Changelog).

The vulnerability stems from missing descriptor sanity checks in the stv06xx USB camera driver subsystem. Specifically, the driver fails to verify that it has two alternate settings and at least one endpoint before accessing the second altsetting structure and dereferencing the endpoint arrays. This can lead to NULL pointer dereferences or memory corruption when a device does not have the expected descriptors. The vulnerability has a CVSS v3.1 Base Score of 4.3 (MEDIUM) with vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can lead to a denial of service (system crash) through NULL pointer dereference. The attack requires physical access to the system and can only be triggered by a specially constructed USB device (Ubuntu Security).

The vulnerability was fixed in Linux kernel version 5.6.1 through commit 485b06aadb933190f4bc44e006076bc27a23f205, which added proper descriptor sanity checks. Users should upgrade their Linux kernel to version 5.6.1 or later. For systems that cannot be immediately upgraded, limiting physical access to USB ports can help mitigate the risk (Kernel Commit).