ghsa-m9c3-v5xg-j7mc
Vulnerability from github
Published
2024-07-30 09:31
Modified
2024-07-30 09:31
Details

In the Linux kernel, the following vulnerability has been resolved:

media: mediatek: vcodec: Only free buffer VA that is not NULL

In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn't do the check and triggered warnings in practice.

We believe those checks were forgotten unintentionally. Add the checks back to fix the warnings.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-52888"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-30T08:15:02Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Only free buffer VA that is not NULL\n\nIn the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly\ncalled only when the buffer to free exists, there are some instances\nthat didn\u0027t do the check and triggered warnings in practice.\n\nWe believe those checks were forgotten unintentionally. Add the checks\nback to fix the warnings.",
  "id": "GHSA-m9c3-v5xg-j7mc",
  "modified": "2024-07-30T09:31:51Z",
  "published": "2024-07-30T09:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52888"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/303d01082edaf817ee2df53a40dca9da637a2c04"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb005c801ec70ff4307727bd3bd6e8280169ef32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.