mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.3 KiB
1.3 KiB
CVE-2024-49981
Description
In the Linux kernel, the following vulnerability has been resolved:media: venus: fix use after free bug in venus_remove due to race conditionin venus_probe, core->work is bound with venus_sys_error_handler, which isused to handle error. The code use core->sys_err_done to make sync work.The core->work is started in venus_event_notify.If we call venus_remove, there might be an unfished work. The possiblesequence is as follows:CPU0 CPU1 |venus_sys_error_handlervenus_remove |hfi_destroy |venus_hfi_destroy |kfree(hdev); | |hfi_reinit |venus_hfi_queues_reinit |//use hdevFix it by canceling the work in venus_remove.
POC
Reference
No PoCs from references.