Improper Handling of Clock Data in Linux Kernel by MediaTek
CVE-2024-56684

Currently unrated

Key Information:

Vendor
MediaTek
CVE Published:
28 December 2024

Summary

This vulnerability affects the Linux kernel's mailbox subsystem, specifically the MediaTek implementation. It arises from an incorrect use of the `sizeof` operator in the cmdq_get_clocks() function: the size passed to devm_kcalloc() was computed from the data pointer, when it should have been the size of the clk_bulk_data structure. This miscalculation can potentially result in memory corruption or improper memory allocation. Addressing this issue is critical to maintaining the integrity and security of affected MediaTek products.
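The bug class described above, as an added user-space example that is not the kernel's own code. It assumes `struct clk_bulk_data_model` as a stand-in for clk_bulk_data, hypothetical function names, and `calloc()` in place of devm_kcalloc().

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the kernel's clk_bulk_data (assumption: two pointer-sized
 * members), defined here so the example builds outside the kernel. */
struct clk_bulk_data_model {
    const char *id;
    void *clk;
};

/* Bug pattern: sizeof applied to the pointer itself, so every element is
 * sized as one pointer instead of one structure. */
size_t bytes_sizeof_pointer(size_t n)
{
    struct clk_bulk_data_model *clocks = NULL;
    return n * sizeof(clocks);
}

/* Corrected pattern: sizeof applied to the object the pointer refers to. */
size_t bytes_sizeof_struct(size_t n)
{
    struct clk_bulk_data_model *clocks = NULL;
    return n * sizeof(*clocks);
}

/* Number of whole elements that fit in a buffer of the given size. */
size_t elements_that_fit(size_t bytes)
{
    return bytes / sizeof(struct clk_bulk_data_model);
}

/* Allocate n zeroed elements; deriving the element size from the
 * pointer's target type keeps it in step with the declaration. */
struct clk_bulk_data_model *alloc_clocks(size_t n)
{
    struct clk_bulk_data_model *clocks = calloc(n, sizeof(*clocks));
    return clocks;
}

int main(void)
{
    size_t n = 4; /* constructed element count, not a value from the driver */
    printf("sizeof(pointer): %zu bytes, room for %zu of %zu elements\n",
           bytes_sizeof_pointer(n), elements_that_fit(bytes_sizeof_pointer(n)), n);
    printf("sizeof(*pointer): %zu bytes, room for %zu of %zu elements\n",
           bytes_sizeof_struct(n), elements_that_fit(bytes_sizeof_struct(n)), n);
    return 0;
}
```

Compilers and static analyzers can flag the first pattern; checking that the `sizeof` operand in an array allocation is the dereferenced pointer is a quick review item for similar code.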

References

Timeline

  • Vulnerability published
