CVE-2024-38549

Source
https://cve.org/CVERecord?id=CVE-2024-38549
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38549.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-38549
Published
2024-06-19T13:35:22.042Z
Modified
2026-05-15T11:54:45.761566792Z
Summary
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: Add 0 size check to mtk_drm_gem_obj

Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer.

Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and verifying that we now return EINVAL.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38549.json"
}

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type        Introduced   Fixed
ECOSYSTEM   4.7.0        4.19.316
ECOSYSTEM   4.20.0       5.4.278
ECOSYSTEM   5.5.0        5.10.219
ECOSYSTEM   5.11.0       5.15.161
ECOSYSTEM   5.16.0       6.1.93
ECOSYSTEM   6.2.0        6.6.33
ECOSYSTEM   6.7.0        6.8.12
ECOSYSTEM   6.9.0        6.9.3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38549.json"