Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-56577

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
27/12/2024
Last modified:
01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: mtk-jpeg: Fix null-ptr-deref during unload module<br /> <br /> The workqueue should be destroyed in mtk_jpeg_core.c since commit<br /> 09aea13ecf6f ("media: mtk-jpeg: refactor some variables"), otherwise<br /> the below calltrace can be easily triggered.<br /> <br /> [ 677.862514] Unable to handle kernel paging request at virtual address dfff800000000023<br /> [ 677.863633] KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]<br /> ...<br /> [ 677.879654] CPU: 6 PID: 1071 Comm: modprobe Tainted: G O 6.8.12-mtk+gfa1a78e5d24b+ #17<br /> ...<br /> [ 677.882838] pc : destroy_workqueue+0x3c/0x770<br /> [ 677.883413] lr : mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw]<br /> [ 677.884314] sp : ffff80008ad974f0<br /> [ 677.884744] x29: ffff80008ad974f0 x28: ffff0000d7115580 x27: ffff0000dd691070<br /> [ 677.885669] x26: ffff0000dd691408 x25: ffff8000844af3e0 x24: ffff80008ad97690<br /> [ 677.886592] x23: ffff0000e051d400 x22: ffff0000dd691010 x21: dfff800000000000<br /> [ 677.887515] x20: 0000000000000000 x19: 0000000000000000 x18: ffff800085397ac0<br /> [ 677.888438] x17: 0000000000000000 x16: ffff8000801b87c8 x15: 1ffff000115b2e10<br /> [ 677.889361] x14: 00000000f1f1f1f1 x13: 0000000000000000 x12: ffff7000115b2e4d<br /> [ 677.890285] x11: 1ffff000115b2e4c x10: ffff7000115b2e4c x9 : ffff80000aa43e90<br /> [ 677.891208] x8 : 00008fffeea4d1b4 x7 : ffff80008ad97267 x6 : 0000000000000001<br /> [ 677.892131] x5 : ffff80008ad97260 x4 : ffff7000115b2e4d x3 : 0000000000000000<br /> [ 677.893054] x2 : 0000000000000023 x1 : dfff800000000000 x0 : 0000000000000118<br /> [ 677.893977] Call trace:<br /> [ 677.894297] destroy_workqueue+0x3c/0x770<br /> [ 677.894826] mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw]<br /> [ 677.895677] devm_action_release+0x50/0x90<br /> [ 677.896211] release_nodes+0xe8/0x170<br /> [ 677.896688] devres_release_all+0xf8/0x178<br /> [ 677.897219] device_unbind_cleanup+0x24/0x170<br /> [ 677.897785] device_release_driver_internal+0x35c/0x480<br /> [ 677.898461] device_release_driver+0x20/0x38<br /> ...<br /> [ 677.912665] ---[ end trace 0000000000000000 ]---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.4 (including) 6.6.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.4 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools