Use-After-Free Vulnerability in Linux Kernel's Mediatek DRM Module
CVE-2024-57926
Summary
A vulnerability exists in the MediaTek DRM module of the Linux kernel, which can lead to a use-after-free condition. This issue arises when the mtk_drm_bind function allocates resources but fails to properly nullify pointers upon error, leading to potential access to previously freed memory. As a result, this can manifest in system instability during shutdown processes, causing crashes and undesired behavior in kernel operations. Addressing this vulnerability requires immediate attention to ensure safe memory management and prevent exploitation.
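The following userspace model is an added illustration of the pattern the summary describes, not code from the kernel or from this advisory. It assumes a bind step that publishes one device pointer to several private structures before failing. Every name except mtk_drm_bind is hypothetical, and release is tracked with a flag so the demonstration never touches freed memory.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only. Names are hypothetical; "freeing" is tracked with
 * a flag instead of free() so the demonstration has defined behaviour. */
struct model_drm { bool alive; };
struct model_private { struct model_drm *drm; };

#define N_PRIV 3

/* Models a bind that publishes the device pointer to every private struct,
 * then fails and releases the device on its error path. */
static int model_bind(struct model_private privs[], struct model_drm *dev,
                      bool clear_on_error)
{
    dev->alive = true;
    for (size_t i = 0; i < N_PRIV; i++)
        privs[i].drm = dev;

    /* Simulated failure of a later init step: the device is released. */
    dev->alive = false;
    if (clear_on_error)
        for (size_t i = 0; i < N_PRIV; i++)
            privs[i].drm = NULL;   /* the nullification the summary says is missing */
    return -1;
}

/* Models a shutdown hook that trusts any non-NULL pointer. Returns how many
 * times it would have dereferenced an already-released device. */
static int model_shutdown(const struct model_private privs[])
{
    int stale = 0;
    for (size_t i = 0; i < N_PRIV; i++)
        if (privs[i].drm && !privs[i].drm->alive)
            stale++;
    return stale;
}

/* Runs a failed bind followed by shutdown; returns the stale access count. */
static int run_scenario(bool clear_on_error)
{
    struct model_drm dev = { false };
    struct model_private privs[N_PRIV] = { { NULL } };
    (void)model_bind(privs, &dev, clear_on_error);
    return model_shutdown(privs);
}

int main(void)
{
    return (run_scenario(false) == N_PRIV && run_scenario(true) == 0) ? 0 : 1;
}
```

Without the clearing step, the shutdown path's NULL check passes for every private structure even though the device is gone; with it, shutdown skips them all.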
Affected Version(s)
Linux 1ef7ed48356cd5f9af2b7671956991b658d8c2ba < 7083b93e9755d60f0c2bcaa9d064308108280534
Linux 1ef7ed48356cd5f9af2b7671956991b658d8c2ba < 078b2ff7da200b7532398e668eef723ad40fb516
Linux 1ef7ed48356cd5f9af2b7671956991b658d8c2ba < 36684e9d88a2e2401ae26715a2e217cb4295cea7