CVE-2024-35920
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35920
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35920.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-35920
- Downstream
- Published
- 2024-05-19T10:10:32Z
- Modified
- 2025-10-17T03:49:37.727071Z
- Summary
- media: mediatek: vcodec: adding lock to protect decoder context list
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: adding lock to protect decoder context list
Add a lock for the ctxlist, to avoid accessing a NULL pointer within the 'vpudecipihandler' function when the ctx_list has been deleted due to an unexpected behavior on the SCP IP block.
Hardware name: Google juniper sku16 board (DT) pstate: 20400005 (nzCv daif +PAN -UAO -TCO BTYPE=--) pc : vpudecipihandler+0x58/0x1f8 [mtkvcodecdec] lr : scpipihandler+0xd0/0x194 [mtkscp] sp : ffffffc0131dbbd0 x29: ffffffc0131dbbd0 x28: 0000000000000000 x27: ffffff9bb277f348 x26: ffffff9bb242ad00 x25: ffffffd2d440d3b8 x24: ffffffd2a13ff1d4 x23: ffffff9bb7fe85a0 x22: ffffffc0133fbdb0 x21: 0000000000000010 x20: ffffff9b050ea328 x19: ffffffc0131dbc08 x18: 0000000000001000 x17: 0000000000000000 x16: ffffffd2d461c6e0 x15: 0000000000000242 x14: 000000000000018f x13: 000000000000004d x12: 0000000000000000 x11: 0000000000000001 x10: fffffffffffffff0 x9 : ffffff9bb6e793a8 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f x5 : 0000000000000040 x4 : fffffffffffffff0 x3 : 0000000000000020 x2 : ffffff9bb6e79080 x1 : 0000000000000010 x0 : ffffffc0131dbc08 Call trace: vpudecipihandler+0x58/0x1f8 [mtkvcodecdec (HASH:6c3f 2)] scpipihandler+0xd0/0x194 [mtkscp (HASH:7046 3)] mt8183scpirqhandler+0x44/0x88 [mtkscp (HASH:7046 3)] scpirqhandler+0x48/0x90 [mtkscp (HASH:7046 3)] irqthreadfn+0x38/0x94 irqthread+0x100/0x1c0 kthread+0x140/0x1fc retfromfork+0x10/0x30 Code: 54000088 f94ca50a eb14015f 54000060 (f9400108) ---[ end trace ace43ce36cbd5c93 ]--- Kernel panic - not syncing: Oops: Fatal exception SMP: stopping secondary CPUs Kernel Offset: 0x12c4000000 from 0xffffffc010000000 PHYS_OFFSET: 0xffffffe580000000 CPU features: 0x08240002,2188200c Memory Limit: none
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced655b86e52eacdce79c2e02c5ec7258a97fcc2e4aFixed0a2dc707aa42214f9c4827bd57e344e29a0841d6
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced655b86e52eacdce79c2e02c5ec7258a97fcc2e4aFixed23aaf824121055ba81b55f75444355bd83c8eb38
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced655b86e52eacdce79c2e02c5ec7258a97fcc2e4aFixed6467cda18c9f9b5f2f9a0aa1e2861c653e41f382
Affected versions
v6.*
v6.5
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.9-rc1
Database specific
vanir_signatures
[
{
"id": "CVE-2024-35920-0105c5ed",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c",
"function": "mtk_vcodec_probe"
},
"digest": {
"function_hash": "115753221102911534160618618800592710365",
"length": 4782.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a2dc707aa42214f9c4827bd57e344e29a0841d6"
},
{
"id": "CVE-2024-35920-1662f602",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c"
},
"digest": {
"line_hashes": [
"111525369104764630576904166133492023007",
"96683973341081187511924608510391582893",
"236946158805997910872978397316821795546",
"219719958509091810985308158828116569121",
"293441550668723431610226360632853070800",
"169317480244526058487192841262079353247",
"51451968982486331463192885396993777778",
"201541717412904143452260414197344225132",
"84707952038255145104404576871597196941"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a2dc707aa42214f9c4827bd57e344e29a0841d6"
},
{
"id": "CVE-2024-35920-1cd41b53",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c"
},
"digest": {
"line_hashes": [
"111525369104764630576904166133492023007",
"96683973341081187511924608510391582893",
"236946158805997910872978397316821795546",
"219719958509091810985308158828116569121",
"293441550668723431610226360632853070800",
"169317480244526058487192841262079353247",
"51451968982486331463192885396993777778",
"201541717412904143452260414197344225132",
"84707952038255145104404576871597196941"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6467cda18c9f9b5f2f9a0aa1e2861c653e41f382"
},
{
"id": "CVE-2024-35920-212913cf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c",
"function": "fops_vcodec_release"
},
"digest": {
"function_hash": "274777254710547059712008222052801014183",
"length": 475.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23aaf824121055ba81b55f75444355bd83c8eb38"
},
{
"id": "CVE-2024-35920-226c6229",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c",
"function": "fops_vcodec_release"
},
"digest": {
"function_hash": "274777254710547059712008222052801014183",
"length": 475.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6467cda18c9f9b5f2f9a0aa1e2861c653e41f382"
},
{
"id": "CVE-2024-35920-2e517396",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c",
"function": "mtk_vcodec_probe"
},
"digest": {
"function_hash": "216838261905398840127989839726572135262",
"length": 4931.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23aaf824121055ba81b55f75444355bd83c8eb38"
},
{
"id": "CVE-2024-35920-2e5f132f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c",
"function": "fops_vcodec_open"
},
"digest": {
"function_hash": "120419178522660240579437164197845789732",
"length": 2243.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a2dc707aa42214f9c4827bd57e344e29a0841d6"
},
{
"id": "CVE-2024-35920-3577e2c5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c"
},
"digest": {
"line_hashes": [
"64949650554066159728456193918489618347",
"158068109613780366740817652195131369906",
"62975130083541543761709383523465795730",
"290165607648059968988727529683841753325",
"286654773418961346594916534262710290427",
"20339258199910500749801636622219257466",
"82585803214609845641709910685759882426",
"285342573096105431068086048384963364498",
"171220970104895500373129603273944277028"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a2dc707aa42214f9c4827bd57e344e29a0841d6"
},
{
"id": "CVE-2024-35920-3e74399c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c"
},
"digest": {
"line_hashes": [
"323101691788918659025813413651286375936",
"320671284389360104099588758702443612575",
"245831805824137942546144966952075667736",
"283343271777370770016610596488093326252",
"187040843299768621702629370436257516918",
"82813403473480939823346542326824251128",
"302191859711334412288337766942202383218",
"81109479187889575356943484801351883078",
"263106660131588920455213319001689257687",
"149224063649337503775737526107912997418",
"134675756731441379169884562191972440173",
"29797391068933180407096747640511032721",
"237111050526210268781474541544151531629"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6467cda18c9f9b5f2f9a0aa1e2861c653e41f382"
},
{
"id": "CVE-2024-35920-4f3f81d9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h"
},
"digest": {
"line_hashes": [
"72667595298215085209948979757426353805",
"99687310172282265428013552655199628871",
"173128662430607795684426351054951179421",
"147643397221052474011667299679896928109",
"245289594220694218571337891030036084139",
"218748569445808592629631732124044150580",
"335740685231937914525445086400054157296"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23aaf824121055ba81b55f75444355bd83c8eb38"
},
{
"id": "CVE-2024-35920-637a674c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h"
},
"digest": {
"line_hashes": [
"72667595298215085209948979757426353805",
"99687310172282265428013552655199628871",
"173128662430607795684426351054951179421",
"147643397221052474011667299679896928109",
"245289594220694218571337891030036084139",
"218748569445808592629631732124044150580",
"335740685231937914525445086400054157296"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a2dc707aa42214f9c4827bd57e344e29a0841d6"
},
{
"id": "CVE-2024-35920-645c5f82",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c"
},
"digest": {
"line_hashes": [
"111525369104764630576904166133492023007",
"96683973341081187511924608510391582893",
"236946158805997910872978397316821795546",
"219719958509091810985308158828116569121",
"293441550668723431610226360632853070800",
"169317480244526058487192841262079353247",
"51451968982486331463192885396993777778",
"201541717412904143452260414197344225132",
"84707952038255145104404576871597196941"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23aaf824121055ba81b55f75444355bd83c8eb38"
},
{
"id": "CVE-2024-35920-67812dd4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h"
},
"digest": {
"line_hashes": [
"72667595298215085209948979757426353805",
"99687310172282265428013552655199628871",
"173128662430607795684426351054951179421",
"147643397221052474011667299679896928109",
"245289594220694218571337891030036084139",
"218748569445808592629631732124044150580",
"335740685231937914525445086400054157296"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6467cda18c9f9b5f2f9a0aa1e2861c653e41f382"
},
{
"id": "CVE-2024-35920-7b047f29",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c"
},
"digest": {
"line_hashes": [
"64949650554066159728456193918489618347",
"158068109613780366740817652195131369906",
"62975130083541543761709383523465795730",
"290165607648059968988727529683841753325",
"286654773418961346594916534262710290427",
"20339258199910500749801636622219257466",
"82585803214609845641709910685759882426",
"285342573096105431068086048384963364498",
"171220970104895500373129603273944277028"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6467cda18c9f9b5f2f9a0aa1e2861c653e41f382"
},
{
"id": "CVE-2024-35920-7dda5780",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c",
"function": "fops_vcodec_open"
},
"digest": {
"function_hash": "120419178522660240579437164197845789732",
"length": 2243.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6467cda18c9f9b5f2f9a0aa1e2861c653e41f382"
},
{
"id": "CVE-2024-35920-8ef5ce71",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c"
},
"digest": {
"line_hashes": [
"64949650554066159728456193918489618347",
"158068109613780366740817652195131369906",
"62975130083541543761709383523465795730",
"290165607648059968988727529683841753325",
"286654773418961346594916534262710290427",
"20339258199910500749801636622219257466",
"82585803214609845641709910685759882426",
"285342573096105431068086048384963364498",
"171220970104895500373129603273944277028"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23aaf824121055ba81b55f75444355bd83c8eb38"
},
{
"id": "CVE-2024-35920-aba8146d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c",
"function": "fops_vcodec_release"
},
"digest": {
"function_hash": "274777254710547059712008222052801014183",
"length": 475.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a2dc707aa42214f9c4827bd57e344e29a0841d6"
},
{
"id": "CVE-2024-35920-b3835873",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c",
"function": "vpu_dec_check_ap_inst"
},
"digest": {
"function_hash": "174464792292754686195608430766785105668",
"length": 246.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6467cda18c9f9b5f2f9a0aa1e2861c653e41f382"
},
{
"id": "CVE-2024-35920-c09e6e83",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c",
"function": "vpu_dec_check_ap_inst"
},
"digest": {
"function_hash": "174464792292754686195608430766785105668",
"length": 246.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a2dc707aa42214f9c4827bd57e344e29a0841d6"
},
{
"id": "CVE-2024-35920-c6f8a170",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c"
},
"digest": {
"line_hashes": [
"323101691788918659025813413651286375936",
"320671284389360104099588758702443612575",
"245831805824137942546144966952075667736",
"283343271777370770016610596488093326252",
"187040843299768621702629370436257516918",
"82813403473480939823346542326824251128",
"302191859711334412288337766942202383218",
"81109479187889575356943484801351883078",
"263106660131588920455213319001689257687",
"149224063649337503775737526107912997418",
"134675756731441379169884562191972440173",
"29797391068933180407096747640511032721",
"237111050526210268781474541544151531629"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23aaf824121055ba81b55f75444355bd83c8eb38"
},
{
"id": "CVE-2024-35920-cb467d02",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c",
"function": "fops_vcodec_open"
},
"digest": {
"function_hash": "120419178522660240579437164197845789732",
"length": 2243.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23aaf824121055ba81b55f75444355bd83c8eb38"
},
{
"id": "CVE-2024-35920-e86a6422",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c",
"function": "mtk_vcodec_probe"
},
"digest": {
"function_hash": "216838261905398840127989839726572135262",
"length": 4931.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6467cda18c9f9b5f2f9a0aa1e2861c653e41f382"
},
{
"id": "CVE-2024-35920-ed69f5f2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c",
"function": "vpu_dec_check_ap_inst"
},
"digest": {
"function_hash": "174464792292754686195608430766785105668",
"length": 246.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23aaf824121055ba81b55f75444355bd83c8eb38"
},
{
"id": "CVE-2024-35920-f63ef042",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c"
},
"digest": {
"line_hashes": [
"323101691788918659025813413651286375936",
"320671284389360104099588758702443612575",
"245831805824137942546144966952075667736",
"283343271777370770016610596488093326252",
"187040843299768621702629370436257516918",
"82813403473480939823346542326824251128",
"302191859711334412288337766942202383218",
"81109479187889575356943484801351883078",
"263106660131588920455213319001689257687",
"149224063649337503775737526107912997418",
"134675756731441379169884562191972440173",
"29797391068933180407096747640511032721",
"237111050526210268781474541544151531629"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a2dc707aa42214f9c4827bd57e344e29a0841d6"
}
]