5.5
CVE-2023-52888
- EPSS 0.24%
- Veröffentlicht 30.07.2024 08:15:02
- Zuletzt bearbeitet 07.10.2025 16:04:13
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
media: mediatek: vcodec: Only free buffer VA that is not NULL
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn't do the check and triggered warnings in practice. We believe those checks were forgotten unintentionally. Add the checks back to fix the warnings.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.10 < 6.6.39
Linux ≫ Linux Kernel Version >= 6.7 < 6.9.9
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.149 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-415 Double Free
The product calls free() twice on the same memory address.
https://git.kernel.org/stable/c/303d01082edaf817ee2df53a40dca9da637a2c04
https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91
https://git.kernel.org/stable/c/eb005c801ec70ff4307727bd3bd6e8280169ef32