high
7
CWE
362 416
Advisory Published
Updated

CVE-2024-49981: media: venus: fix use after free bug in venus_remove due to race condition

First published: Mon Oct 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venus_remove due to race condition in venus_probe, core->work is bound with venus_sys_error_handler, which is used to handle error. The code use core->sys_err_done to make sync work. The core->work is started in venus_event_notify. If we call venus_remove, there might be an unfished work. The possible sequence is as follows: CPU0 CPU1 |venus_sys_error_handler venus_remove | hfi_destroy | venus_hfi_destroy | kfree(hdev); | |hfi_reinit |venus_hfi_queues_reinit |//use hdev Fix it by canceling the work in venus_remove.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux kernel>=4.13<5.10.227
Linux kernel>=5.11<5.15.168
Linux kernel>=5.16<6.1.113
Linux kernel>=6.2<6.6.55
Linux kernel>=6.7<6.10.14
Linux kernel>=6.11<6.11.3
Linux Kernel>=4.13<5.10.227
Linux Kernel>=5.11<5.15.168
Linux Kernel>=5.16<6.1.113
Linux Kernel>=6.2<6.6.55
Linux Kernel>=6.7<6.10.14
Linux Kernel>=6.11<6.11.3
debian/linux<=5.10.223-1
5.10.234-1
6.1.129-1
6.1.128-1
6.12.20-1
6.12.21-1
debian/linux-6.1
6.1.129-1~deb11u1

Remedy

https://git.kernel.org/stable/c/10941d4f99a5a34999121b314afcd9c0a1c14f15

Remedy

https://git.kernel.org/stable/c/2a541fcc0bd2b05a458e9613376df1289ec11621

Remedy

https://git.kernel.org/stable/c/60b6968341a6dd5353554f3e72db554693a128a5

Remedy

https://git.kernel.org/stable/c/b0686aedc5f1343442d044bd64eeac7e7a391f4e

Remedy

https://git.kernel.org/stable/c/bf6be32e2d39f6301ff1831e249d32a8744ab28a

Remedy

https://git.kernel.org/stable/c/c5a85ed88e043474161bbfe54002c89c1cb50ee2

Remedy

https://git.kernel.org/stable/c/d925e9f7fb5a2dbefd1a73fc01061f38c7becd4c

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-49981?

    The severity of CVE-2024-49981 is categorized as a medium risk due to a use-after-free vulnerability in the Linux kernel.

  • How do I fix CVE-2024-49981?

    To fix CVE-2024-49981, update your Linux kernel to a version that includes the patch, such as version 6.1.123-1 or higher.

  • What are the affected versions of CVE-2024-49981?

    CVE-2024-49981 affects multiple versions of the Linux kernel, specifically versions between 4.13 and 5.15, as well as versions between 5.16 and 6.11.

  • Is CVE-2024-49981 exploitable?

    Yes, CVE-2024-49981 is exploitable, allowing attackers to potentially cause denial of service or execute arbitrary code.

  • Who is responsible for patching CVE-2024-49981?

    Maintainers of Linux kernel distributions are responsible for patching CVE-2024-49981 and providing updated packages to their users.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203