Linux Kernel Error Pointer Dereference in IMX JPEG Driver
CVE-2024-57978

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A vulnerability exists in the IMX JPEG driver of the Linux kernel, where the code may dereference an error pointer. Specifically, the check for the pointer involves determining if it is not NULL and not an error pointer before passing it to the pm_runtime_suspended() function. If an error pointer is erroneously passed, it can lead to system instability, manifesting as an Oops. The fix involves using IS_ERR_OR_NULL() to clearly verify both cases, thus preventing the potential dereference issue.

Affected Version(s)

Linux 12914fd765ba4f9d6a9a50439e8dd2e9f91423f2

Linux b7a830bbc25da0f641e3ef2bac3b1766b2777a8b < 1b2af918bb714937a8be6cb637f528585461cd98

Linux 2f86d104539fab9181ea7b5721f40e7b92a8bf67 < 6e601a64f7777e2f78c02db1a8b5ba3b7c5e9e31

References

https://git.kernel.org/stable/c/fde89fe11b44500bfcb2d4058...

https://git.kernel.org/stable/c/1b2af918bb714937a8be6cb63...

https://git.kernel.org/stable/c/6e601a64f7777e2f78c02db1a...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Feb 27, 2025