CVE-2024-53056
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()
In mtk_crtc_create(), if the call to mbox_request_channel() fails then we set the "mtk_crtc->cmdq_client.chan" pointer to NULL. In that situation, we do not call cmdq_pkt_create().
During the cleanup, we need to check if the "mtk_crtc->cmdq_client.chan" is NULL first before calling cmdq_pkt_destroy(). Calling cmdq_pkt_destroy() is unnecessary if we didn't call cmdq_pkt_create() and it will result in a NULL pointer dereference.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7627122fd1c06800a1fe624e9fb3c269796115e8 < c60583a87cb4a85b69d1f448f0be5eb6ec62cbb2 | affected |
| Linux | Linux | 7627122fd1c06800a1fe624e9fb3c269796115e8 < 4018651ba5c409034149f297d3dd3328b91561fd | affected |
| Linux | Linux | 2c4396693698e876e559768d3d3a150c672ec384 | affected |
| Linux | Linux | 5.15.54 < 5.16 | affected |
| Linux | Linux | 5.17 | affected |
| Linux | Linux | 0 < 5.17 | unaffected |
| Linux | Linux | 6.11.7 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/c60583a87cb4a85b69d1f448f0be5eb6ec62cbb2
- https://git.kernel.org/stable/c/4018651ba5c409034149f297d3dd3328b91561fd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.