CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-35921

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or not. This caused a use after free, when the pointer is freed in case of a failure in the deinit function. Only store the instance pointer when the initialization was successful, to solve this issue. Hardware name: Acer Tomato (rev3 - 4) board (DT) pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : vcodec_vpu_send_msg+0x4c/0x190 [mtk_vcodec_dec] lr : vcodec_send_ap_ipi+0x78/0x170 [mtk_vcodec_dec] sp : ffff80008750bc20 x29: ffff80008750bc20 x28: ffff1299f6d70000 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 x23: ffff80008750bc98 x22: 000000000000a003 x21: ffffd45c4cfae000 x20: 0000000000000010 x19: ffff1299fd668310 x18: 000000000000001a x17: 000000040044ffff x16: ffffd45cb15dc648 x15: 0000000000000000 x14: ffff1299c08da1c0 x13: ffffd45cb1f87a10 x12: ffffd45cb2f5fe80 x11: 0000000000000001 x10: 0000000000001b30 x9 : ffffd45c4d12b488 x8 : 1fffe25339380d81 x7 : 0000000000000001 x6 : ffff1299c9c06c00 x5 : 0000000000000132 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000010 x1 : ffff80008750bc98 x0 : 0000000000000000 Call trace: vcodec_vpu_send_msg+0x4c/0x190 [mtk_vcodec_dec] vcodec_send_ap_ipi+0x78/0x170 [mtk_vcodec_dec] vpu_dec_deinit+0x1c/0x30 [mtk_vcodec_dec] vdec_hevc_slice_deinit+0x30/0x98 [mtk_vcodec_dec] vdec_if_deinit+0x38/0x68 [mtk_vcodec_dec] mtk_vcodec_dec_release+0x20/0x40 [mtk_vcodec_dec] fops_vcodec_release+0x64/0x118 [mtk_vcodec_dec] v4l2_release+0x7c/0x100 __fput+0x80/0x2d8 __fput_sync+0x58/0x70 __arm64_sys_close+0x40/0x90 invoke_syscall+0x50/0x128 el0_svc_common.constprop.0+0x48/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x38/0xd8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x1a8/0x1b0 Code: d503201f f9401660 b900127f b900227f (f9400400)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.3%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2024-35921

Linux » Linux Kernel » Version: 6.5

cpe:2.3:o:linux:linux_kernel:6.5
Linux » Linux Kernel » Version: 6.5.1

cpe:2.3:o:linux:linux_kernel:6.5.1
Linux » Linux Kernel » Version: 6.5.10

cpe:2.3:o:linux:linux_kernel:6.5.10
Linux » Linux Kernel » Version: 6.5.11

cpe:2.3:o:linux:linux_kernel:6.5.11
Linux » Linux Kernel » Version: 6.5.12

cpe:2.3:o:linux:linux_kernel:6.5.12
Linux » Linux Kernel » Version: 6.5.13

cpe:2.3:o:linux:linux_kernel:6.5.13
Linux » Linux Kernel » Version: 6.5.2

cpe:2.3:o:linux:linux_kernel:6.5.2
Linux » Linux Kernel » Version: 6.5.3

cpe:2.3:o:linux:linux_kernel:6.5.3
Linux » Linux Kernel » Version: 6.5.4

cpe:2.3:o:linux:linux_kernel:6.5.4
Linux » Linux Kernel » Version: 6.5.5

cpe:2.3:o:linux:linux_kernel:6.5.5
Linux » Linux Kernel » Version: 6.5.6

cpe:2.3:o:linux:linux_kernel:6.5.6
Linux » Linux Kernel » Version: 6.5.7

cpe:2.3:o:linux:linux_kernel:6.5.7
Linux » Linux Kernel » Version: 6.5.8

cpe:2.3:o:linux:linux_kernel:6.5.8
Linux » Linux Kernel » Version: 6.5.9

cpe:2.3:o:linux:linux_kernel:6.5.9
Linux » Linux Kernel » Version: 6.6

cpe:2.3:o:linux:linux_kernel:6.6
Linux » Linux Kernel » Version: 6.6.1

cpe:2.3:o:linux:linux_kernel:6.6.1
Linux » Linux Kernel » Version: 6.6.10

cpe:2.3:o:linux:linux_kernel:6.6.10
Linux » Linux Kernel » Version: 6.6.11

cpe:2.3:o:linux:linux_kernel:6.6.11
Linux » Linux Kernel » Version: 6.6.12

cpe:2.3:o:linux:linux_kernel:6.6.12
Linux » Linux Kernel » Version: 6.6.13

cpe:2.3:o:linux:linux_kernel:6.6.13
Linux » Linux Kernel » Version: 6.6.14

cpe:2.3:o:linux:linux_kernel:6.6.14
Linux » Linux Kernel » Version: 6.6.15

cpe:2.3:o:linux:linux_kernel:6.6.15
Linux » Linux Kernel » Version: 6.6.16

cpe:2.3:o:linux:linux_kernel:6.6.16
Linux » Linux Kernel » Version: 6.6.17

cpe:2.3:o:linux:linux_kernel:6.6.17
Linux » Linux Kernel » Version: 6.6.18

cpe:2.3:o:linux:linux_kernel:6.6.18
Linux » Linux Kernel » Version: 6.6.19

cpe:2.3:o:linux:linux_kernel:6.6.19
Linux » Linux Kernel » Version: 6.6.2

cpe:2.3:o:linux:linux_kernel:6.6.2
Linux » Linux Kernel » Version: 6.6.20

cpe:2.3:o:linux:linux_kernel:6.6.20
Linux » Linux Kernel » Version: 6.6.21

cpe:2.3:o:linux:linux_kernel:6.6.21
Linux » Linux Kernel » Version: 6.6.22

cpe:2.3:o:linux:linux_kernel:6.6.22
Linux » Linux Kernel » Version: 6.6.23

cpe:2.3:o:linux:linux_kernel:6.6.23
Linux » Linux Kernel » Version: 6.6.24

cpe:2.3:o:linux:linux_kernel:6.6.24
Linux » Linux Kernel » Version: 6.6.25

cpe:2.3:o:linux:linux_kernel:6.6.25
Linux » Linux Kernel » Version: 6.6.26

cpe:2.3:o:linux:linux_kernel:6.6.26
Linux » Linux Kernel » Version: 6.6.3

cpe:2.3:o:linux:linux_kernel:6.6.3
Linux » Linux Kernel » Version: 6.6.4

cpe:2.3:o:linux:linux_kernel:6.6.4
Linux » Linux Kernel » Version: 6.6.5

cpe:2.3:o:linux:linux_kernel:6.6.5
Linux » Linux Kernel » Version: 6.6.6

cpe:2.3:o:linux:linux_kernel:6.6.6
Linux » Linux Kernel » Version: 6.6.7

cpe:2.3:o:linux:linux_kernel:6.6.7
Linux » Linux Kernel » Version: 6.6.8

cpe:2.3:o:linux:linux_kernel:6.6.8
Linux » Linux Kernel » Version: 6.6.9

cpe:2.3:o:linux:linux_kernel:6.6.9
Linux » Linux Kernel » Version: 6.7

cpe:2.3:o:linux:linux_kernel:6.7
Linux » Linux Kernel » Version: 6.7.1

cpe:2.3:o:linux:linux_kernel:6.7.1
Linux » Linux Kernel » Version: 6.7.10

cpe:2.3:o:linux:linux_kernel:6.7.10
Linux » Linux Kernel » Version: 6.7.11

cpe:2.3:o:linux:linux_kernel:6.7.11
Linux » Linux Kernel » Version: 6.7.12

cpe:2.3:o:linux:linux_kernel:6.7.12
Linux » Linux Kernel » Version: 6.7.2

cpe:2.3:o:linux:linux_kernel:6.7.2
Linux » Linux Kernel » Version: 6.7.3

cpe:2.3:o:linux:linux_kernel:6.7.3
Linux » Linux Kernel » Version: 6.7.4

cpe:2.3:o:linux:linux_kernel:6.7.4
Linux » Linux Kernel » Version: 6.7.5

cpe:2.3:o:linux:linux_kernel:6.7.5
Linux » Linux Kernel » Version: 6.7.6

cpe:2.3:o:linux:linux_kernel:6.7.6
Linux » Linux Kernel » Version: 6.7.7

cpe:2.3:o:linux:linux_kernel:6.7.7
Linux » Linux Kernel » Version: 6.7.8

cpe:2.3:o:linux:linux_kernel:6.7.8
Linux » Linux Kernel » Version: 6.7.9

cpe:2.3:o:linux:linux_kernel:6.7.9
Linux » Linux Kernel » Version: 6.8

cpe:2.3:o:linux:linux_kernel:6.8
Linux » Linux Kernel » Version: 6.8.1

cpe:2.3:o:linux:linux_kernel:6.8.1
Linux » Linux Kernel » Version: 6.8.2

cpe:2.3:o:linux:linux_kernel:6.8.2
Linux » Linux Kernel » Version: 6.8.3

cpe:2.3:o:linux:linux_kernel:6.8.3
Linux » Linux Kernel » Version: 6.8.4

cpe:2.3:o:linux:linux_kernel:6.8.4
Linux » Linux Kernel » Version: 6.8.5

cpe:2.3:o:linux:linux_kernel:6.8.5
Linux » Linux Kernel » Version: 6.9

cpe:2.3:o:linux:linux_kernel:6.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-35921

Products

Pricing

Contact Us