{"id":"CVE-2024-56577","summary":"media: mtk-jpeg: Fix null-ptr-deref during unload module","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-jpeg: Fix null-ptr-deref during unload module\n\nThe workqueue should be destroyed in mtk_jpeg_core.c since commit\n09aea13ecf6f (\"media: mtk-jpeg: refactor some variables\"), otherwise\nthe below calltrace can be easily triggered.\n\n[  677.862514] Unable to handle kernel paging request at virtual address dfff800000000023\n[  677.863633] KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\n...\n[  677.879654] CPU: 6 PID: 1071 Comm: modprobe Tainted: G           O       6.8.12-mtk+gfa1a78e5d24b+ #17\n...\n[  677.882838] pc : destroy_workqueue+0x3c/0x770\n[  677.883413] lr : mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw]\n[  677.884314] sp : ffff80008ad974f0\n[  677.884744] x29: ffff80008ad974f0 x28: ffff0000d7115580 x27: ffff0000dd691070\n[  677.885669] x26: ffff0000dd691408 x25: ffff8000844af3e0 x24: ffff80008ad97690\n[  677.886592] x23: ffff0000e051d400 x22: ffff0000dd691010 x21: dfff800000000000\n[  677.887515] x20: 0000000000000000 x19: 0000000000000000 x18: ffff800085397ac0\n[  677.888438] x17: 0000000000000000 x16: ffff8000801b87c8 x15: 1ffff000115b2e10\n[  677.889361] x14: 00000000f1f1f1f1 x13: 0000000000000000 x12: ffff7000115b2e4d\n[  677.890285] x11: 1ffff000115b2e4c x10: ffff7000115b2e4c x9 : ffff80000aa43e90\n[  677.891208] x8 : 00008fffeea4d1b4 x7 : ffff80008ad97267 x6 : 0000000000000001\n[  677.892131] x5 : ffff80008ad97260 x4 : ffff7000115b2e4d x3 : 0000000000000000\n[  677.893054] x2 : 0000000000000023 x1 : dfff800000000000 x0 : 0000000000000118\n[  677.893977] Call trace:\n[  677.894297]  destroy_workqueue+0x3c/0x770\n[  677.894826]  mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw]\n[  677.895677]  devm_action_release+0x50/0x90\n[  677.896211]  release_nodes+0xe8/0x170\n[  677.896688]  devres_release_all+0xf8/0x178\n[  677.897219]  device_unbind_cleanup+0x24/0x170\n[  677.897785]  device_release_driver_internal+0x35c/0x480\n[  677.898461]  device_release_driver+0x20/0x38\n...\n[  677.912665] ---[ end trace 0000000000000000 ]---","modified":"2026-03-20T12:39:52.543433Z","published":"2024-12-27T14:23:19.725Z","related":["SUSE-SU-2025:0289-1","SUSE-SU-2025:0428-1","SUSE-SU-2025:0499-1","SUSE-SU-2025:0557-1","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","USN-7379-2","USN-7380-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56577.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0ba08c21c6a92e6512e73644555120427c9a49d4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/17af2b39daf12870cac61ffc360e62bc35798afb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bc3889a39baf783c64c6d628bbb74d76ce164bb1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56577.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56577"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"09aea13ecf6f89ed7f18114953695563f64f461c"},{"fixed":"0ba08c21c6a92e6512e73644555120427c9a49d4"},{"fixed":"bc3889a39baf783c64c6d628bbb74d76ce164bb1"},{"fixed":"17af2b39daf12870cac61ffc360e62bc35798afb"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56577.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}