CVE-2024-47753 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Fix a smatch static checker warning on vdec_vp8_req_if.c. Which leads to a kernel crash when fb is NULL.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/3167aa42941b68405a092df114453ef0f1b09c2c
https://git.kernel.org/stable/c/35cc704622b3a9bc02a4755d5ba80238eee3cdc2
https://git.kernel.org/stable/c/4e0713c79cf5d0b549fa855e230ade1ff83c27d7
https://git.kernel.org/stable/c/b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44
https://git.kernel.org/stable/c/dbe5b7373801c261f3ea118145fbb2caac5f9324
https://lore.kernel.org/linux-cve-announce/2024102114-CVE-2024-47753-45cf@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-47753
https://www.cve.org/CVERecord?id=CVE-2024-47753

History

Fri, 28 Mar 2025 21:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/4e0713c79cf5d0b549fa855e230ade1ff83c27d7

Tue, 22 Oct 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Tue, 22 Oct 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Tue, 22 Oct 2024 01:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024102114-CVE-2024-47753-45cf@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-47753 https://www.cve.org/CVERecord?id=CVE-2024-47753
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Mon, 21 Oct 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 21 Oct 2024 12:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Fix a smatch static checker warning on vdec_vp8_req_if.c. Which leads to a kernel crash when fb is NULL.
Title		media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning
References		https://git.kernel.org/stable/c/3167aa42941b68405a092df114453ef0f1b09c2c https://git.kernel.org/stable/c/35cc704622b3a9bc02a4755d5ba80238eee3cdc2 https://git.kernel.org/stable/c/b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44 https://git.kernel.org/stable/c/dbe5b7373801c261f3ea118145fbb2caac5f9324

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-10-21T12:14:17.776Z

Updated: 2025-03-28T21:29:12.180Z

Reserved: 2024-09-30T16:00:12.961Z

Link: CVE-2024-47753

Vulnrichment

Updated: 2024-10-21T12:57:43.277Z

NVD

Status : Modified

Published: 2024-10-21T13:15:05.283

Modified: 2025-03-28T22:15:16.913

Link: CVE-2024-47753

Redhat

Severity : Moderate

Publid Date: 2024-10-21T00:00:00Z

Links: CVE-2024-47753 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47753", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-30T16:00:12.961Z", "datePublished": "2024-10-21T12:14:17.776Z", "dateUpdated": "2025-03-28T21:29:12.180Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-03-28T21:29:12.180Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix VP8 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_vp8_req_if.c.\nWhich leads to a kernel crash when fb is NULL."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c"], "versions": [{"version": "7a7ae26fd458397d04421756dd19e5b8cf29a08f", "lessThan": "4e0713c79cf5d0b549fa855e230ade1ff83c27d7", "status": "affected", "versionType": "git"}, {"version": "7a7ae26fd458397d04421756dd19e5b8cf29a08f", "lessThan": "dbe5b7373801c261f3ea118145fbb2caac5f9324", "status": "affected", "versionType": "git"}, {"version": "7a7ae26fd458397d04421756dd19e5b8cf29a08f", "lessThan": "35cc704622b3a9bc02a4755d5ba80238eee3cdc2", "status": "affected", "versionType": "git"}, {"version": "7a7ae26fd458397d04421756dd19e5b8cf29a08f", "lessThan": "3167aa42941b68405a092df114453ef0f1b09c2c", "status": "affected", "versionType": "git"}, {"version": "7a7ae26fd458397d04421756dd19e5b8cf29a08f", "lessThan": "b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.132", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.54", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.13", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.2", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/4e0713c79cf5d0b549fa855e230ade1ff83c27d7"}, {"url": "https://git.kernel.org/stable/c/dbe5b7373801c261f3ea118145fbb2caac5f9324"}, {"url": "https://git.kernel.org/stable/c/35cc704622b3a9bc02a4755d5ba80238eee3cdc2"}, {"url": "https://git.kernel.org/stable/c/3167aa42941b68405a092df114453ef0f1b09c2c"}, {"url": "https://git.kernel.org/stable/c/b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44"}], "title": "media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47753", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T12:57:40.138660Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T13:04:12.715Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47753", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T12:57:40.138660Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T12:57:43.277Z"}}], "cna": {"title": "media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "7a7ae26fd458397d04421756dd19e5b8cf29a08f", "lessThan": "4e0713c79cf5d0b549fa855e230ade1ff83c27d7", "versionType": "git"}, {"status": "affected", "version": "7a7ae26fd458397d04421756dd19e5b8cf29a08f", "lessThan": "dbe5b7373801c261f3ea118145fbb2caac5f9324", "versionType": "git"}, {"status": "affected", "version": "7a7ae26fd458397d04421756dd19e5b8cf29a08f", "lessThan": "35cc704622b3a9bc02a4755d5ba80238eee3cdc2", "versionType": "git"}, {"status": "affected", "version": "7a7ae26fd458397d04421756dd19e5b8cf29a08f", "lessThan": "3167aa42941b68405a092df114453ef0f1b09c2c", "versionType": "git"}, {"status": "affected", "version": "7a7ae26fd458397d04421756dd19e5b8cf29a08f", "lessThan": "b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44", "versionType": "git"}], "programFiles": ["drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.19"}, {"status": "unaffected", "version": "0", "lessThan": "5.19", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.132", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.54", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.13", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.2", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/4e0713c79cf5d0b549fa855e230ade1ff83c27d7"}, {"url": "https://git.kernel.org/stable/c/dbe5b7373801c261f3ea118145fbb2caac5f9324"}, {"url": "https://git.kernel.org/stable/c/35cc704622b3a9bc02a4755d5ba80238eee3cdc2"}, {"url": "https://git.kernel.org/stable/c/3167aa42941b68405a092df114453ef0f1b09c2c"}, {"url": "https://git.kernel.org/stable/c/b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix VP8 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_vp8_req_if.c.\nWhich leads to a kernel crash when fb is NULL."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-03-28T21:29:12.180Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47753", "state": "PUBLISHED", "dateUpdated": "2025-03-28T21:29:12.180Z", "dateReserved": "2024-09-30T16:00:12.961Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T12:14:17.776Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AA8041C-8654-4FB1-AEF6-96991ED55345", "versionEndExcluding": "6.6.54", "versionStartIncluding": "5.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE", "versionEndExcluding": "6.10.13", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181", "versionEndExcluding": "6.11.2", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix VP8 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_vp8_req_if.c.\nWhich leads to a kernel crash when fb is NULL."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: mediatek: vcodec: Se corrige la advertencia de coincidencia de decodificador sin estado de VP8 Se corrige una advertencia de verificaci\u00f3n est\u00e1tica de coincidencia en vdec_vp8_req_if.c. Que provoca un bloqueo del kernel cuando fb es NULL."}], "id": "CVE-2024-47753", "lastModified": "2025-03-28T22:15:16.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T13:15:05.283", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3167aa42941b68405a092df114453ef0f1b09c2c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/35cc704622b3a9bc02a4755d5ba80238eee3cdc2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4e0713c79cf5d0b549fa855e230ade1ff83c27d7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dbe5b7373801c261f3ea118145fbb2caac5f9324"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning", "id": "2320260", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320260"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: mediatek: vcodec: Fix VP8 stateless decoder smatch warning\nFix a smatch static checker warning on vdec_vp8_req_if.c.\nWhich leads to a kernel crash when fb is NULL."], "name": "CVE-2024-47753", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47753\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47753\nhttps://lore.kernel.org/linux-cve-announce/2024102114-CVE-2024-47753-45cf@gregkh/T"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object