cve/published/2024/CVE-2024-47753.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning

 Fix a smatch static checker warning on vdec_vp8_req_if.c.
 Which leads to a kernel crash when fb is NULL.

 The Linux kernel CVE team has assigned CVE-2024-47753 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.19 with commit 7a7ae26fd458397d04421756dd19e5b8cf29a08f and fixed in 6.1.132 with commit 4e0713c79cf5d0b549fa855e230ade1ff83c27d7
 	Issue introduced in 5.19 with commit 7a7ae26fd458397d04421756dd19e5b8cf29a08f and fixed in 6.6.54 with commit dbe5b7373801c261f3ea118145fbb2caac5f9324
 	Issue introduced in 5.19 with commit 7a7ae26fd458397d04421756dd19e5b8cf29a08f and fixed in 6.10.13 with commit 35cc704622b3a9bc02a4755d5ba80238eee3cdc2
 	Issue introduced in 5.19 with commit 7a7ae26fd458397d04421756dd19e5b8cf29a08f and fixed in 6.11.2 with commit 3167aa42941b68405a092df114453ef0f1b09c2c
 	Issue introduced in 5.19 with commit 7a7ae26fd458397d04421756dd19e5b8cf29a08f and fixed in 6.12 with commit b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-47753
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/4e0713c79cf5d0b549fa855e230ade1ff83c27d7
 	https://git.kernel.org/stable/c/dbe5b7373801c261f3ea118145fbb2caac5f9324
 	https://git.kernel.org/stable/c/35cc704622b3a9bc02a4755d5ba80238eee3cdc2
 	https://git.kernel.org/stable/c/3167aa42941b68405a092df114453ef0f1b09c2c
 	https://git.kernel.org/stable/c/b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning

	Fix a smatch static checker warning on vdec_vp8_req_if.c.
	Which leads to a kernel crash when fb is NULL.

	The Linux kernel CVE team has assigned CVE-2024-47753 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.19 with commit 7a7ae26fd458397d04421756dd19e5b8cf29a08f and fixed in 6.1.132 with commit 4e0713c79cf5d0b549fa855e230ade1ff83c27d7
	Issue introduced in 5.19 with commit 7a7ae26fd458397d04421756dd19e5b8cf29a08f and fixed in 6.6.54 with commit dbe5b7373801c261f3ea118145fbb2caac5f9324
	Issue introduced in 5.19 with commit 7a7ae26fd458397d04421756dd19e5b8cf29a08f and fixed in 6.10.13 with commit 35cc704622b3a9bc02a4755d5ba80238eee3cdc2
	Issue introduced in 5.19 with commit 7a7ae26fd458397d04421756dd19e5b8cf29a08f and fixed in 6.11.2 with commit 3167aa42941b68405a092df114453ef0f1b09c2c
	Issue introduced in 5.19 with commit 7a7ae26fd458397d04421756dd19e5b8cf29a08f and fixed in 6.12 with commit b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-47753
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/4e0713c79cf5d0b549fa855e230ade1ff83c27d7
	https://git.kernel.org/stable/c/dbe5b7373801c261f3ea118145fbb2caac5f9324
	https://git.kernel.org/stable/c/35cc704622b3a9bc02a4755d5ba80238eee3cdc2
	https://git.kernel.org/stable/c/3167aa42941b68405a092df114453ef0f1b09c2c
	https://git.kernel.org/stable/c/b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44