PT-2024-36883 · Linux+4 · Linux Kernel+4

Guoqing Jiang

·

Published

2024-09-12

·

Updated

2025-10-03

·

CVE-2024-56577

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version that includes the fix for the null-ptr-deref issue in the mtk-jpeg module
Description A null-ptr-deref issue has been resolved in the Linux kernel. The workqueue should be destroyed in mtk jpeg core.c since a specific commit, otherwise, a calltrace can be easily triggered. The issue is related to the mtk-jpeg module and can cause a kernel paging request error.
Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the null-ptr-deref issue in the mtk-jpeg module. As a temporary workaround, consider disabling the mtk jpegdec destroy workqueue() function until a patch is available. Restrict access to the vulnerable mtk jpeg core.c module to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17893
ALT-PU-2025-12647
AZL-54878
BDU:2025-07800
CVE-2024-56577
OESA-2025-1286
OESA-2025-1450
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu