vulnerability
Oracle Linux: CVE-2024-42313: ELSA-2024-12782: Unbreakable Enterprise kernel-container security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:L/Au:M/C:C/I:C/A:C) | 2024-08-17 | 2024-10-16 | 2025-01-23 |
Severity
6
CVSS
(AV:L/AC:L/Au:M/C:C/I:C/A:C)
Published
2024-08-17
Added
2024-10-16
Modified
2025-01-23
Description
In the Linux kernel, the following vulnerability has been resolved:
media: venus: fix use after free in vdec_close
There appears to be a possible use after free with vdec_close().
The firmware will add buffer release work to the work queue through
HFI callbacks as a normal part of decoding. Randomly closing the
decoder device from userspace during normal decoding can incur
a read after free for inst.
Fix it by cancelling the work in vdec_close.
A use-after-free vulnerability was found in the Linux kernel. The firmware can add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free. This issue could allow an attacker to execute his own code using the dangling pointer.
media: venus: fix use after free in vdec_close
There appears to be a possible use after free with vdec_close().
The firmware will add buffer release work to the work queue through
HFI callbacks as a normal part of decoding. Randomly closing the
decoder device from userspace during normal decoding can incur
a read after free for inst.
Fix it by cancelling the work in vdec_close.
A use-after-free vulnerability was found in the Linux kernel. The firmware can add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free. This issue could allow an attacker to execute his own code using the dangling pointer.
Solution
oracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.