CVE-2024-56577

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-56577
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56577.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56577
Downstream
Related
Published
2024-12-27T14:23:19.725Z
Modified
2025-11-27T02:33:20.388894Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
media: mtk-jpeg: Fix null-ptr-deref during unload module
Details

In the Linux kernel, the following vulnerability has been resolved:

media: mtk-jpeg: Fix null-ptr-deref during unload module

The workqueue should be destroyed in mtkjpegcore.c since commit 09aea13ecf6f ("media: mtk-jpeg: refactor some variables"), otherwise the below calltrace can be easily triggered.

[ 677.862514] Unable to handle kernel paging request at virtual address dfff800000000023 [ 677.863633] KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] ... [ 677.879654] CPU: 6 PID: 1071 Comm: modprobe Tainted: G O 6.8.12-mtk+gfa1a78e5d24b+ #17 ... [ 677.882838] pc : destroyworkqueue+0x3c/0x770 [ 677.883413] lr : mtkjpegdecdestroyworkqueue+0x70/0x88 [mtkjpegdechw] [ 677.884314] sp : ffff80008ad974f0 [ 677.884744] x29: ffff80008ad974f0 x28: ffff0000d7115580 x27: ffff0000dd691070 [ 677.885669] x26: ffff0000dd691408 x25: ffff8000844af3e0 x24: ffff80008ad97690 [ 677.886592] x23: ffff0000e051d400 x22: ffff0000dd691010 x21: dfff800000000000 [ 677.887515] x20: 0000000000000000 x19: 0000000000000000 x18: ffff800085397ac0 [ 677.888438] x17: 0000000000000000 x16: ffff8000801b87c8 x15: 1ffff000115b2e10 [ 677.889361] x14: 00000000f1f1f1f1 x13: 0000000000000000 x12: ffff7000115b2e4d [ 677.890285] x11: 1ffff000115b2e4c x10: ffff7000115b2e4c x9 : ffff80000aa43e90 [ 677.891208] x8 : 00008fffeea4d1b4 x7 : ffff80008ad97267 x6 : 0000000000000001 [ 677.892131] x5 : ffff80008ad97260 x4 : ffff7000115b2e4d x3 : 0000000000000000 [ 677.893054] x2 : 0000000000000023 x1 : dfff800000000000 x0 : 0000000000000118 [ 677.893977] Call trace: [ 677.894297] destroyworkqueue+0x3c/0x770 [ 677.894826] mtkjpegdecdestroyworkqueue+0x70/0x88 [mtkjpegdechw] [ 677.895677] devmactionrelease+0x50/0x90 [ 677.896211] releasenodes+0xe8/0x170 [ 677.896688] devresreleaseall+0xf8/0x178 [ 677.897219] deviceunbindcleanup+0x24/0x170 [ 677.897785] devicereleasedriverinternal+0x35c/0x480 [ 677.898461] devicereleasedriver+0x20/0x38 ... [ 677.912665] ---[ end trace 0000000000000000 ]---

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2024/56xxx/CVE-2024-56577.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
09aea13ecf6f89ed7f18114953695563f64f461c
Fixed
0ba08c21c6a92e6512e73644555120427c9a49d4
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
09aea13ecf6f89ed7f18114953695563f64f461c
Fixed
bc3889a39baf783c64c6d628bbb74d76ce164bb1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
09aea13ecf6f89ed7f18114953695563f64f461c
Fixed
17af2b39daf12870cac61ffc360e62bc35798afb

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.64
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.4