{"timestamp":"2025-10-01T20:01:59.850409Z","id":"CVE-2024-56575","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2db16c6ed72ce644d5639b3ed15e5817442db4ba","lessThan":"f3c4e088ec01cae45931a18ddf7cae0f4d72e1c5","versionType":"git","status":"affected"},{"version":"2db16c6ed72ce644d5639b3ed15e5817442db4ba","lessThan":"12914fd765ba4f9d6a9a50439e8dd2e9f91423f2","versionType":"git","status":"affected"},{"version":"2db16c6ed72ce644d5639b3ed15e5817442db4ba","lessThan":"b7a830bbc25da0f641e3ef2bac3b1766b2777a8b","versionType":"git","status":"affected"},{"version":"2db16c6ed72ce644d5639b3ed15e5817442db4ba","lessThan":"2f86d104539fab9181ea7b5721f40e7b92a8bf67","versionType":"git","status":"affected"},{"version":"2db16c6ed72ce644d5639b3ed15e5817442db4ba","lessThan":"fd0af4cd35da0eb550ef682b71cda70a4e36f6b9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.13","status":"affected"},{"version":"0","lessThan":"5.13","versionType":"semver","status":"unaffected"},{"version":"5.15.174","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.120","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.64","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.4","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.13","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NIST CWE-476

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.13 up to (excluding) 5.15.174
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.120
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.64
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.4

https://git.kernel.org/stable/c/12914fd765ba4f9d6a9a50439e8dd2e9f91423f2 No Types Assigned

https://git.kernel.org/stable/c/12914fd765ba4f9d6a9a50439e8dd2e9f91423f2 Patch

https://git.kernel.org/stable/c/2f86d104539fab9181ea7b5721f40e7b92a8bf67 No Types Assigned

https://git.kernel.org/stable/c/2f86d104539fab9181ea7b5721f40e7b92a8bf67 Patch

https://git.kernel.org/stable/c/b7a830bbc25da0f641e3ef2bac3b1766b2777a8b No Types Assigned

https://git.kernel.org/stable/c/b7a830bbc25da0f641e3ef2bac3b1766b2777a8b Patch

https://git.kernel.org/stable/c/f3c4e088ec01cae45931a18ddf7cae0f4d72e1c5 No Types Assigned

https://git.kernel.org/stable/c/f3c4e088ec01cae45931a18ddf7cae0f4d72e1c5 Patch

https://git.kernel.org/stable/c/fd0af4cd35da0eb550ef682b71cda70a4e36f6b9 No Types Assigned

https://git.kernel.org/stable/c/fd0af4cd35da0eb550ef682b71cda70a4e36f6b9 Patch

In the Linux kernel, the following vulnerability has been resolved:

media: imx-jpeg: Ensure power suppliers be suspended before detach them

The power suppliers are always requested to suspend asynchronously,
dev_pm_domain_detach() requires the caller to ensure proper
synchronization of this function with power management callbacks.
otherwise the detach may led to kernel panic, like below:

[ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040
[ 1457.116777] Mem abort info:
[ 1457.119589]   ESR = 0x0000000096000004
[ 1457.123358]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 1457.128692]   SET = 0, FnV = 0
[ 1457.131764]   EA = 0, S1PTW = 0
[ 1457.134920]   FSC = 0x04: level 0 translation fault
[ 1457.139812] Data abort info:
[ 1457.142707]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 1457.148196]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 1457.153256]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 1457.158563] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001138b6000
[ 1457.165000] [0000000000000040] pgd=0000000000000000, p4d=0000000000000000
[ 1457.171792] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 1457.178045] Modules linked in: v4l2_jpeg wave6_vpu_ctrl(-) [last unloaded: mxc_jpeg_encdec]
[ 1457.186383] CPU: 0 PID: 51938 Comm: kworker/0:3 Not tainted 6.6.36-gd23d64eea511 #66
[ 1457.194112] Hardware name: NXP i.MX95 19X19 board (DT)
[ 1457.199236] Workqueue: pm pm_runtime_work
[ 1457.203247] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 1457.210188] pc : genpd_runtime_suspend+0x20/0x290
[ 1457.214886] lr : __rpm_callback+0x48/0x1d8
[ 1457.218968] sp : ffff80008250bc50
[ 1457.222270] x29: ffff80008250bc50 x28: 0000000000000000 x27: 0000000000000000
[ 1457.229394] x26: 0000000000000000 x25: 0000000000000008 x24: 00000000000f4240
[ 1457.236518] x23: 0000000000000000 x22: ffff00008590f0e4 x21: 0000000000000008
[ 1457.243642] x20: ffff80008099c434 x19: ffff00008590f000 x18: ffffffffffffffff
[ 1457.250766] x17: 5300326563697665 x1

https://git.kernel.org/stable/c/12914fd765ba4f9d6a9a50439e8dd2e9f91423f2

https://git.kernel.org/stable/c/2f86d104539fab9181ea7b5721f40e7b92a8bf67

https://git.kernel.org/stable/c/b7a830bbc25da0f641e3ef2bac3b1766b2777a8b

https://git.kernel.org/stable/c/f3c4e088ec01cae45931a18ddf7cae0f4d72e1c5

https://git.kernel.org/stable/c/fd0af4cd35da0eb550ef682b71cda70a4e36f6b9