github - ghsa-vrh2-53xm-76hq

ghsa-vrh2-53xm-76hq

Vulnerability from github

Published

2024-10-21 15:32

Modified

2024-10-22 18:32

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

media: mediatek: vcodec: Fix H264 stateless decoder smatch warning

Fix a smatch static checker warning on vdec_h264_req_if.c. Which leads to a kernel crash when fb is NULL.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-47752"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T13:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix H264 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_h264_req_if.c.\nWhich leads to a kernel crash when fb is NULL.",
  "id": "GHSA-vrh2-53xm-76hq",
  "modified": "2024-10-22T18:32:10Z",
  "published": "2024-10-21T15:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47752"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/18181b0c1c5bd43846e5e0ae3d61a4a1adceab03"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7878d3a385efab560dce793b595447867fb163f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/790d1848fac5ac3b1c474f66162598ab07a20c21"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6b9f971b43980de8893610f606d751131fb5d86"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-47752 (GCVE-0-2024-47752)

Vulnerability from cvelistv5

Published

2024-10-21 12:14

Modified

2025-05-04 09:39

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_if.c. Which leads to a kernel crash when fb is NULL.

References

►

URL

Tags

	https://git.kernel.org/stable/c/c6b9f971b43980de8893610f606d751131fb5d86
	https://git.kernel.org/stable/c/18181b0c1c5bd43846e5e0ae3d61a4a1adceab03
	https://git.kernel.org/stable/c/790d1848fac5ac3b1c474f66162598ab07a20c21
	https://git.kernel.org/stable/c/7878d3a385efab560dce793b595447867fb163f2

Impacted products

Vendor

Product

Version

►

Version: 06fa5f757dc5a5687e1cdd13097c3265735f60bf
Version: 06fa5f757dc5a5687e1cdd13097c3265735f60bf
Version: 06fa5f757dc5a5687e1cdd13097c3265735f60bf
Version: 06fa5f757dc5a5687e1cdd13097c3265735f60bf

Version: 5.16

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T12:57:47.458380Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:04:12.844Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c6b9f971b43980de8893610f606d751131fb5d86",
              "status": "affected",
              "version": "06fa5f757dc5a5687e1cdd13097c3265735f60bf",
              "versionType": "git"
            },
            {
              "lessThan": "18181b0c1c5bd43846e5e0ae3d61a4a1adceab03",
              "status": "affected",
              "version": "06fa5f757dc5a5687e1cdd13097c3265735f60bf",
              "versionType": "git"
            },
            {
              "lessThan": "790d1848fac5ac3b1c474f66162598ab07a20c21",
              "status": "affected",
              "version": "06fa5f757dc5a5687e1cdd13097c3265735f60bf",
              "versionType": "git"
            },
            {
              "lessThan": "7878d3a385efab560dce793b595447867fb163f2",
              "status": "affected",
              "version": "06fa5f757dc5a5687e1cdd13097c3265735f60bf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix H264 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_h264_req_if.c.\nWhich leads to a kernel crash when fb is NULL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:39:07.587Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c6b9f971b43980de8893610f606d751131fb5d86"
        },
        {
          "url": "https://git.kernel.org/stable/c/18181b0c1c5bd43846e5e0ae3d61a4a1adceab03"
        },
        {
          "url": "https://git.kernel.org/stable/c/790d1848fac5ac3b1c474f66162598ab07a20c21"
        },
        {
          "url": "https://git.kernel.org/stable/c/7878d3a385efab560dce793b595447867fb163f2"
        }
      ],
      "title": "media: mediatek: vcodec: Fix H264 stateless decoder smatch warning",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47752",
    "datePublished": "2024-10-21T12:14:17.097Z",
    "dateReserved": "2024-09-30T16:00:12.961Z",
    "dateUpdated": "2025-05-04T09:39:07.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.