Products
Linux kernel
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Tags
CVE-2024-42313 details
Published : Aug. 17, 2024, 9:15 a.m.
Last Modified : Aug. 17, 2024, 9:15 a.m.
Last Modified : Aug. 17, 2024, 9:15 a.m.
Description
In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdec_close There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst. Fix it by cancelling the work in vdec_close.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
This website uses the NVD API, but is not approved or certified by it.