U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2023-52491 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with mtk_jpeg_job_timeout_work. In mtk_jpeg_dec_device_run, if error happens in mtk_jpeg_set_dec_dst, it will finally start the worker while mark the job as finished by invoking v4l2_m2m_job_finish. There are two methods to trigger the bug. If we remove the module, it which will call mtk_jpeg_remove to make cleanup. The possible sequence is as follows, which will cause a use-after-free bug. CPU0 CPU1 mtk_jpeg_dec_... | start worker | |mtk_jpeg_job_timeout_work mtk_jpeg_remove | v4l2_m2m_release | kfree(m2m_dev); | | | v4l2_m2m_get_curr_priv | m2m_dev->curr_ctx //use If we close the file descriptor, which will call mtk_jpeg_release, it will have a similar sequence. Fix this bug by starting timeout worker only if started jpegdec worker successfully. Then v4l2_m2m_job_finish will only be called in either mtk_jpeg_job_timeout_work or mtk_jpeg_dec_device_run.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/1b1036c60a37a30caf6759a90fe5ecd06ec35590
https://git.kernel.org/stable/c/1b1036c60a37a30caf6759a90fe5ecd06ec35590
https://git.kernel.org/stable/c/206c857dd17d4d026de85866f1b5f0969f2a109e
https://git.kernel.org/stable/c/206c857dd17d4d026de85866f1b5f0969f2a109e
https://git.kernel.org/stable/c/43872f44eee6c6781fea1348b38885d8e78face9
https://git.kernel.org/stable/c/43872f44eee6c6781fea1348b38885d8e78face9
https://git.kernel.org/stable/c/6e2f37022f0fc0893da4d85a0500c9d547fffd4c
https://git.kernel.org/stable/c/6e2f37022f0fc0893da4d85a0500c9d547fffd4c
https://git.kernel.org/stable/c/8254d54d00eb6cdb8367399c7f912eb8d354ecd7
https://git.kernel.org/stable/c/8254d54d00eb6cdb8367399c7f912eb8d354ecd7
https://git.kernel.org/stable/c/9fec4db7fff54d9b0306a332bab31eac47eeb5f6
https://git.kernel.org/stable/c/9fec4db7fff54d9b0306a332bab31eac47eeb5f6
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Weakness Enumeration

CWE-ID CWE Name Source

Change History

6 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2023-52491
NVD Published Date:
03/11/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org