GoogleOSV:UBUNTU-CVE-2024-40973

HistoryJul 12, 2024 - 1:15 p.m.

UBUNTU-CVE-2024-40973

2024-07-1213:15:00

Google

osv.dev

linux kernel

vulnerability

media: mtk-vcodec

null pointer dereference

scp

devm_kzalloc

cve-2024-40973

cve-2022-3113

software

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

JSON

In the Linux kernel, the following vulnerability has been resolved: media: mtk-vcodec: potential null pointer deference in SCP The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113.

References

git.kernel.org/linus/53dbe08504442dc7ba4865c09b3bbf5fe849681b

git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b

git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b

git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354

ubuntu.com/security/CVE-2024-40973

ubuntu.com/security/notices/USN-6999-1

ubuntu.com/security/notices/USN-6999-2

ubuntu.com/security/notices/USN-7004-1

ubuntu.com/security/notices/USN-7005-1

ubuntu.com/security/notices/USN-7005-2

ubuntu.com/security/notices/USN-7008-1

ubuntu.com/security/notices/USN-7029-1

www.cve.org/CVERecord?id=CVE-2024-40973

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

JSON

Related for OSV:UBUNTU-CVE-2024-40973