Runtime State Vulnerability in Linux Kernel's IVPU Module
CVE-2024-54193

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

Summary

A vulnerability in the Linux kernel's IVPU (Intelligent Video Processing Unit) module can lead to improper runtime state management. Specifically, an issue has been identified when the function ivpu_ipc_send_receive_internal() is executed prior to successful initialization of the power management system. This mismanagement may cause warnings to occur if the last resume operation failed, potentially leading to unstable kernel behavior. The vulnerability highlights the importance of ensuring all components are initialized properly before their operations can be executed.

Affected Version(s)

Linux 8ed520ff4682aaaef7d124bd9c0950092fddb9c1 < 578874b2bb947e047708f4df286e4ff1ba6be3ad

Linux 8ed520ff4682aaaef7d124bd9c0950092fddb9c1 < 0f6482caa6acdfdfc744db7430771fe7e6c4e787

Linux 6.7

References

https://git.kernel.org/stable/c/578874b2bb947e047708f4df2...

https://git.kernel.org/stable/c/0f6482caa6acdfdfc744db743...

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 11, 2025