Dikshita Agarwal

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.50 Description: The issue is related to a use after free vulnerability in the `vdec close()` function in the Linux kernel's Qualcomm Venus V4L2 driver. This vulnerability can be exploited when the decoder device is randomly closed from userspace during normal decoding, potentially leading to a read after free. The firmware adds buffer release work to the work queue through HFI callbacks as part of the decoding process. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. Recommendations: To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the `vdec close()` function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the decoder device from userspace during normal decoding until the issue is resolved.