CVE-2023-52850

media: hantro: Check whether reset op is defined before use

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: media: hantro: Check whether reset op is defined before use The i.MX8MM/N/P does not define the .reset op since reset of the VPU is
done by genpd. Check whether the .reset op is defined before calling it
to avoid NULL pointer dereference. Note that the Fixes tag is set to the commit which removed the reset op
from i.MX8M Hantro G2 implementation, this is because before this commit
all the implementations did define the .reset op.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: hantro: compruebe si la operación de reinicio está definida antes de su uso. El i.MX8MM/N/P no define la operación .reset ya que genpd realiza el reinicio de la VPU. Compruebe si la operación .reset está definida antes de llamarla para evitar la desreferencia del puntero NULL. Tenga en cuenta que la etiqueta Fixes está configurada en la confirmación que eliminó la operación de reinicio de la implementación de i.MX8M Hantro G2, esto se debe a que antes de esta confirmación todas las implementaciones definían la operación .reset.

In the Linux kernel, the following vulnerability has been resolved: media: hantro: Check whether reset op is defined before use The i.MX8MM/N/P does not define the .reset op since reset of the VPU is done by genpd. Check whether the .reset op is defined before calling it to avoid NULL pointer dereference. Note that the Fixes tag is set to the commit which removed the reset op from i.MX8M Hantro G2 implementation, this is because before this commit all the implementations did define the .reset op.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/6971efb70ac3e43d19bf33ef5f83bea0271831ee	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/64f55cebb4339ae771e9e7f3f42bee2489e2fa00	2023-11-20
https://git.kernel.org/stable/c/66b4c5f980d741f3a47e4b65eeaf2797f2d59294	2023-11-20
https://git.kernel.org/stable/c/24c06295f28335ced3aad53dd4b0a0bae7b9b100	2023-11-20
https://git.kernel.org/stable/c/88d4b23a629ebd34f682f770cb6c2116c851f7b8	2023-09-27

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.1.63 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.1.63"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.5.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.5.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.6.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.7"		en		Affected