CVE-2024-42313
Published: Aug 17, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

media: venus: fix use after free in vdec_close

There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst.

Fix it by cancelling the work in vdec_close.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected af2c3834c8ca7cc65d15592ac671933df8848115 - < ad8cf035baf29467158e0550c7a42b7bb43d1db6; affected af2c3834c8ca7cc65d15592ac671933df8848115 - < 72aff311194c8ceda934f24fd6f250b8827d7567; affected af2c3834c8ca7cc65d15592ac671933df8848115 - < 4c9d235630d35db762b85a4149bbb0be9d504c36; affected af2c3834c8ca7cc65d15592ac671933df8848115 - < f8e9a63b982a8345470c225679af4ba86e4a7282; affected af2c3834c8ca7cc65d15592ac671933df8848115 - < da55685247f409bf7f976cc66ba2104df75d8dad; +3 more versions |
| Linux | Linux | affected 4.13; unaffected 0 - < 4.13; unaffected 4.19.320 - <= 4.19.*; unaffected 5.4.282 - <= 5.4.*; unaffected 5.10.224 - <= 5.10.*; +5 more versions |