CVE-2024-38547 in Linuxinformazioni

Riassunto

di MITRE • 19/06/2024

In the Linux kernel, the following vulnerability has been resolved:

media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries

The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binary after the following call chain:

sh_css_pipe_load_binaries() |-> load_video_binaries(mycs->yuv_scaler_binary == NULL) | |-> sh_css_pipe_unload_binaries() |-> unload_video_binaries()

In unload_video_binaries(), it calls to ia_css_binary_unload with argument &pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the
same memory slot as mycs->yuv_scaler_binary. Thus, a null-pointer dereference is triggered.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Prenotare

18/06/2024

Divulgazione

19/06/2024

Moderazione

accettato

CPE

pronto

EPSS

0.00256

KEV

no

Attività

molto basso

Fonti

Do you know our Splunk app?

Download it now for free!