Description

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head. This results in a NULL-pointer dereference if csi2_async_register() fails, e.g. node for remote endpoint is disabled, and returns -ENOTCONN. The following calls to v4l2_async_nf_unregister() results in a NULL pointer dereference. Add the missing list head initializer.

INFO

Published Date :

2024-06-25T14:25:03.578Z

Last Modified :

2025-05-04T09:16:22.241Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-39464 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-39464.

URL Resource
https://git.kernel.org/stable/c/44f6d619c30f0c65fcdd2b6eba70fdb4460d87ad cve-icon cve-icon
https://git.kernel.org/stable/c/6d8acd02c4c6a8f917eefac1de2e035521ca119d cve-icon cve-icon
https://git.kernel.org/stable/c/a80d1da923f671c1e6a14e8417cd2f117b27a442 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39464-6214@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-39464 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-39464 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact