CVE-2024-42313

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-42313
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42313.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42313
Downstream
Related
Published
2024-08-17T09:09:17.334Z
Modified
2026-03-20T12:38:46.670375Z
Summary
media: venus: fix use after free in vdec_close
Details

In the Linux kernel, the following vulnerability has been resolved:

media: venus: fix use after free in vdec_close

There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst.

Fix it by cancelling the work in vdec_close.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42313.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
af2c3834c8ca7cc65d15592ac671933df8848115
Fixed
ad8cf035baf29467158e0550c7a42b7bb43d1db6
Fixed
72aff311194c8ceda934f24fd6f250b8827d7567
Fixed
4c9d235630d35db762b85a4149bbb0be9d504c36
Fixed
f8e9a63b982a8345470c225679af4ba86e4a7282
Fixed
da55685247f409bf7f976cc66ba2104df75d8dad
Fixed
66fa52edd32cdbb675f0803b3c4da10ea19b6635
Fixed
6a96041659e834dc0b172dda4b2df512d63920c2
Fixed
a0157b5aa34eb43ec4c5510f9c260bbb03be937e

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42313.json"