CVE-2022-3113 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
CISA9.8
EPSS
3.4%
top 12.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 14
Latest updateJul 12
Description
An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages7 packages
▶CVEListV5linux/linux590577a4e5257ac3ed72999a94666ad6ba8f24bc — eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f+4
Patches
🔴Vulnerability Details
5OSV▶
CVE-2024-40973: In the Linux kernel, the following vulnerability has been resolved: media: mtk-vcodec: potential null pointer deference in SCP The return value of dev↗2024-07-12
GHSA▶
GHSA-g7g4-7563-37xc: In the Linux kernel, the following vulnerability has been resolved:
media: mtk-vcodec: potential null pointer deference in SCP
The return value of d↗2024-07-12
📋Vendor Advisories
6Debian▶
CVE-2024-40973: linux - In the Linux kernel, the following vulnerability has been resolved: media: mtk-...↗2024
Microsoft▶
An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will↗2022-12-13