In the Linux kernel, the following vulnerability has been...
High severity • Unreviewed • Published Aug 17, 2024 to the GitHub Advisory Database • Updated Aug 22, 2024
Description
Published by the National Vulnerability Database: Aug 17, 2024
In the Linux kernel, the following vulnerability has been resolved:

media: venus: fix use after free in vdec_close

There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst.

Fix it by cancelling the work in vdec_close.
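The ordering the fix relies on, as an added example that is not taken from the advisory or from the venus driver: a constructed, single-threaded userspace model in which close cancels queued work before freeing the instance that the work handler reads. All type and function names are hypothetical, and the model has no concurrently running handler, which the kernel's cancel_work_sync() additionally waits for.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed single-threaded model; every name here is hypothetical. */
struct work { void (*fn)(struct work *); bool pending; };
struct inst { int buffers; struct work release_work; };
static struct work *queue[8];
static size_t q_count;
static int released_buffers;

/* Handler reads the instance embedding the work item, so inst must be alive. */
static void release_handler(struct work *w) {
    struct inst *inst = (struct inst *)((char *)w - offsetof(struct inst, release_work));
    released_buffers += inst->buffers;
}
static struct inst *inst_open(int buffers) {
    struct inst *inst = calloc(1, sizeof(*inst));
    if (inst) { inst->buffers = buffers; inst->release_work.fn = release_handler; }
    return inst;
}

/* Models the firmware callback queuing buffer release work for inst. */
static bool firmware_callback(struct inst *inst) {
    struct work *w = &inst->release_work;
    if (w->pending || q_count == 8) return false;
    w->pending = true;
    queue[q_count++] = w;
    return true;
}

/* Drop w from the queue; returns true if it was still pending. */
static bool cancel_work(struct work *w) {
    for (size_t i = 0; i < q_count; i++)
        if (queue[i] == w) { queue[i] = queue[--q_count]; w->pending = false; return true; }
    return false;
}
/* Run all queued handlers; returns how many ran. */
static int run_queue(void) {
    int ran = 0;
    for (; q_count; ran++) { struct work *w = queue[--q_count]; w->pending = false; w->fn(w); }
    return ran;
}

/* Close cancels first, then frees: nothing queued can point at freed memory. */
static bool inst_close(struct inst *inst) {
    bool was_pending = cancel_work(&inst->release_work);
    free(inst);
    return was_pending;
}
```

If `inst_close()` freed the instance without the `cancel_work()` call, a later `run_queue()` would invoke `release_handler()` on a pointer into freed memory, which is the read after free the description refers to.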
References