CVE-2024-39464

struct v4l2asyncnotifier has several listhead members, but only waitinglist and donelist are initialized. notifierentry was kept 'zeroed' leading to an uninitialized listhead. This results in a NULL-pointer dereference if csi2asyncregister() fails, e.g. node for remote endpoint is disabled, and returns -ENOTCONN. The following calls to v4l2asyncnfunregister() results in a NULL pointer dereference. Add the missing list head initializer.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b8ec754ae4c563f6aab8c0cb47aeb2eae67f1da3

Fixed

a80d1da923f671c1e6a14e8417cd2f117b27a442

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b8ec754ae4c563f6aab8c0cb47aeb2eae67f1da3

Fixed

44f6d619c30f0c65fcdd2b6eba70fdb4460d87ad

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b8ec754ae4c563f6aab8c0cb47aeb2eae67f1da3

Fixed

6d8acd02c4c6a8f917eefac1de2e035521ca119d

Affected versions

v6.*

v6.5

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

v6.9.1

v6.9.2

v6.9.3

v6.9.4

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.6.34

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.9.5