CVE-2024-38547

media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries

Description

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binary after the following call chain: sh_css_pipe_load_binaries() |-> load_video_binaries(mycs->yuv_scaler_binary == NULL) | |-> sh_css_pipe_unload_binaries() |-> unload_video_binaries() In unload_video_binaries(), it calls to ia_css_binary_unload with argument &pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the same memory slot as mycs->yuv_scaler_binary. Thus, a null-pointer dereference is triggered.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4b68b861b514a5c09220d622ac3784c0ebac6c80 patch
https://git.kernel.org/stable/c/82c2c85aead3ea3cbceef4be077cf459c5df2272 patch
https://git.kernel.org/stable/c/a1ab99dcc8604afe7e3bccb01b10da03bdd7ea35 patch
https://git.kernel.org/stable/c/cc20c87b04db86c8e3e810bcdca686b406206069 patch
https://git.kernel.org/stable/c/69b27ff82f87379afeaaea4b2f339032fdd8486e patch
https://git.kernel.org/stable/c/6482c433863b257b0b9b687c28ce80b89d5f89f0 patch
https://git.kernel.org/stable/c/3b621e9e9e148c0928ab109ac3d4b81487469acb patch

Frequently Asked Questions

What is the severity of CVE-2024-38547?
CVE-2024-38547 has been scored as a medium severity vulnerability.
How to fix CVE-2024-38547?
To fix CVE-2024-38547, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-38547 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-38547 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-38547?
CVE-2024-38547 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.