CVE-2024-56577: media: mtk-jpeg: Fix null-ptr-deref during unload module
First published: Fri Dec 27 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix null-ptr-deref during unload module The workqueue should be destroyed in mtk_jpeg_core.c since commit 09aea13ecf6f ("media: mtk-jpeg: refactor some variables"), otherwise the below calltrace can be easily triggered. [ 677.862514] Unable to handle kernel paging request at virtual address dfff800000000023 [ 677.863633] KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] ... [ 677.879654] CPU: 6 PID: 1071 Comm: modprobe Tainted: G O 6.8.12-mtk+gfa1a78e5d24b+ #17 ... [ 677.882838] pc : destroy_workqueue+0x3c/0x770 [ 677.883413] lr : mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw] [ 677.884314] sp : ffff80008ad974f0 [ 677.884744] x29: ffff80008ad974f0 x28: ffff0000d7115580 x27: ffff0000dd691070 [ 677.885669] x26: ffff0000dd691408 x25: ffff8000844af3e0 x24: ffff80008ad97690 [ 677.886592] x23: ffff0000e051d400 x22: ffff0000dd691010 x21: dfff800000000000 [ 677.887515] x20: 0000000000000000 x19: 0000000000000000 x18: ffff800085397ac0 [ 677.888438] x17: 0000000000000000 x16: ffff8000801b87c8 x15: 1ffff000115b2e10 [ 677.889361] x14: 00000000f1f1f1f1 x13: 0000000000000000 x12: ffff7000115b2e4d [ 677.890285] x11: 1ffff000115b2e4c x10: ffff7000115b2e4c x9 : ffff80000aa43e90 [ 677.891208] x8 : 00008fffeea4d1b4 x7 : ffff80008ad97267 x6 : 0000000000000001 [ 677.892131] x5 : ffff80008ad97260 x4 : ffff7000115b2e4d x3 : 0000000000000000 [ 677.893054] x2 : 0000000000000023 x1 : dfff800000000000 x0 : 0000000000000118 [ 677.893977] Call trace: [ 677.894297] destroy_workqueue+0x3c/0x770 [ 677.894826] mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw] [ 677.895677] devm_action_release+0x50/0x90 [ 677.896211] release_nodes+0xe8/0x170 [ 677.896688] devres_release_all+0xf8/0x178 [ 677.897219] device_unbind_cleanup+0x24/0x170 [ 677.897785] device_release_driver_internal+0x35c/0x480 [ 677.898461] device_release_driver+0x20/0x38 ... [ 677.912665] ---[ end trace 0000000000000000 ]---
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.4<6.6.64 | |
| Linux Kernel | >=6.7<6.12.4 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.22-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/0ba08c21c6a92e6512e73644555120427c9a49d4
- https://git.kernel.org/stable/c/bc3889a39baf783c64c6d628bbb74d76ce164bb1
- https://git.kernel.org/stable/c/17af2b39daf12870cac61ffc360e62bc35798afb
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56577
- https://nvd.nist.gov/vuln/detail/CVE-2024-56577
- https://launchpad.net/bugs/cve/CVE-2024-56577
- https://security-tracker.debian.org/tracker/CVE-2024-56577
- https://ubuntu.com/security/CVE-2024-56577
- https://git.kernel.org/linus/17af2b39daf12870cac61ffc360e62bc35798afb
Frequently Asked Questions
What is the severity of CVE-2024-56577?
CVE-2024-56577 is considered a medium severity vulnerability in the Linux kernel.
How do I fix CVE-2024-56577?
To fix CVE-2024-56577, update your Linux kernel to a patched version, such as 5.10.223-1, 6.1.129-1, or later.
What software versions are affected by CVE-2024-56577?
CVE-2024-56577 affects Linux kernel versions between 6.4 and 6.6.64, and also versions between 6.7 and 6.12.4.
What does CVE-2024-56577 exploit?
CVE-2024-56577 exploits a null pointer dereference during module unloading in the mtk-jpeg subsystem of the Linux kernel.
Is CVE-2024-56577 fixed in the latest Linux kernel release?
Yes, CVE-2024-56577 is resolved in recent releases of the Linux kernel, including versions after the patched commits.
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.4
- version/linux kernel/6.7
- package-manager/debian