CVE-2024-39464

June 25, 2024, 6:50 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head. This results in a NULL-pointer dereference if csi2_async_register() fails, e.g. node for remote endpoint is disabled, and returns -ENOTCONN. The following calls to v4l2_async_nf_unregister() results in a NULL pointer dereference. Add the missing list head initializer.

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/44f6d619c30f0c65fcdd2b6eba70fdb4460d87ad
https://git.kernel.org/stable/c/6d8acd02c4c6a8f917eefac1de2e035521ca119d
https://git.kernel.org/stable/c/a80d1da923f671c1e6a14e8417cd2f117b27a442

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-06-25
CVE-2024-39464

Timeline

Published: June 25, 2024, 3:15 p.m.
Last Modified: June 25, 2024, 6:50 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.