Linux · Linux Kernel · CVE-2024-35921
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The vulnerability is related to the stateless HEVC decoder in the Linux kernel, which saves the instance pointer in the context regardless of whether the initialization worked or not. This causes a use-after-free issue when the pointer is freed in case of a failure in the deinit function. The issue is solved by only storing the instance pointer when the initialization is successful.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.