In the Linux kernel, the following vulnerability has been resolved:
media: venus: fix use after free in vdec_close
There appears to be a possible use after free with vdec_close().
The firmware will add buffer release work to the work queue through
HFI callbacks as a normal part of decoding. Randomly closing the
decoder device from userspace during normal decoding can incur
a read after free for inst.
Fix it by cancelling the work in vdec_close.
References
Configurations
Configuration 1 (hide)
|
History
22 Aug 2024, 16:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Linux linux Kernel
Linux |
|
CWE | CWE-416 | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
References | () https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36 - Patch | |
References | () https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635 - Patch | |
References | () https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2 - Patch | |
References | () https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567 - Patch | |
References | () https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e - Patch | |
References | () https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6 - Patch | |
References | () https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad - Patch | |
References | () https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282 - Patch |
19 Aug 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
19 Aug 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Aug 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-17 09:15
Updated : 2024-08-22 16:01
NVD link : CVE-2024-42313
Mitre link : CVE-2024-42313
CVE.ORG link : CVE-2024-42313
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free