AZL-58033

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58033.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-58033

Upstream

CVE-2024-57978

Published

2025-02-27T02:15:10Z

Modified

2026-04-01T05:19:15.679754Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-57978 affecting package kernel for versions less than 5.15.179.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

media: imx-jpeg: Fix potential error pointer dereference in detach_pm()

The proble is on the first line:

if (jpeg->pd_dev[i] && !pm_runtime_suspended(jpeg->pd_dev[i]))

If jpeg->pddev[i] is an error pointer, then passing it to pmruntimesuspended() will lead to an Oops. The other conditions check for both error pointers and NULL, but it would be more clear to use the ISERRORNULL() check for that.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-57978

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.179.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58033.json"