CVE-2024-38549

drm/mediatek: Add 0 size check to mtk_drm_gem_obj

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object
of 0 bytes. Currently, no such check exists and the kernel will panic if
a userspace application attempts to allocate a 0x0 GBM buffer. Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and
verifying that we now return EINVAL.

En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm/mediatek: Agregar verificación de tamaño 0 a mtk_drm_gem_obj Agregar una verificación a mtk_drm_gem_init si intentamos asignar un objeto GEM de 0 bytes. Actualmente, no existe tal verificación y el kernel entrará en pánico si una aplicación de espacio de usuario intenta asignar un búfer GBM 0x0. Probado intentando asignar un búfer GBM 0x0 en un MT8188 y verificando que ahora devolvemos EINVAL.

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer. Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and verifying that we now return EINVAL.

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-18 CVE Reserved
2024-06-19 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/119f5173628aa7a0c3cf9db83460d40709e8241d	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364	2024-06-16
https://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67	2024-06-16
https://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350	2024-06-16
https://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4	2024-06-16
https://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05	2024-06-12
https://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594	2024-06-12
https://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7	2024-05-30
https://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405	2024-05-30
https://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0	2024-04-01

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 4.19.316 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 4.19.316"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 5.4.278 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 5.4.278"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 5.10.219 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 5.10.219"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 5.15.161 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 5.15.161"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 6.1.93"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 6.6.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 6.8.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 6.9.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 6.10"		en		Affected