- Vulnerability/
- CVE-2023-52888
30/7/2024
4/11/2024
CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL
First published: Tue Jul 30 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn't do the check and triggered warnings in practice. We believe those checks were forgotten unintentionally. Add the checks back to fix the warnings.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | <=5.10.223-1<=5.10.226-1<=6.1.115-1<=6.1.112-1 | 6.11.7-1 6.11.9-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/303d01082edaf817ee2df53a40dca9da637a2c04
- https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91
- https://git.kernel.org/stable/c/eb005c801ec70ff4307727bd3bd6e8280169ef32
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52888
- https://nvd.nist.gov/vuln/detail/CVE-2023-52888
- https://launchpad.net/bugs/cve/CVE-2023-52888
- https://security-tracker.debian.org/tracker/CVE-2023-52888
- https://ubuntu.com/security/CVE-2023-52888
- https://git.kernel.org/linus/eb005c801ec70ff4307727bd3bd6e8280169ef32
- agent/severity
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- package-manager/debian