CVE-2024-40973 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: media: mtk-vcodec: potential null pointer deference in SCP The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b
https://git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b
https://git.kernel.org/stable/c/eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f
https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354
https://lore.kernel.org/linux-cve-announce/2024071229-CVE-2024-40973-ace1@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-40973
https://www.cve.org/CVERecord?id=CVE-2024-40973

History

Fri, 07 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 09 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Fri, 23 Aug 2024 02:30:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Moderate`	threat_severity `Low`

Thu, 22 Aug 2024 22:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-252
Metrics	cvssV3_1 `{'score': 4.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-12T12:32:10.763Z

Updated: 2025-03-07T17:56:35.102Z

Reserved: 2024-07-12T12:17:45.603Z

Link: CVE-2024-40973

Vulnrichment

Updated: 2024-08-02T04:39:55.906Z

NVD

Status : Modified

Published: 2024-07-12T13:15:18.890

Modified: 2025-03-07T18:15:40.783

Link: CVE-2024-40973

Redhat

Severity : Low

Publid Date: 2024-07-12T00:00:00Z

Links: CVE-2024-40973 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40973", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.603Z", "datePublished": "2024-07-12T12:32:10.763Z", "dateUpdated": "2025-03-07T17:56:35.102Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-03-07T17:56:35.102Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-vcodec: potential null pointer deference in SCP\n\nThe return value of devm_kzalloc() needs to be checked to avoid\nNULL pointer deference. This is similar to CVE-2022-3113."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c"], "versions": [{"version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc", "lessThan": "eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f", "status": "affected", "versionType": "git"}, {"version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc", "lessThan": "f066882293b5ad359e44c4ed24ab1811ffb0b354", "status": "affected", "versionType": "git"}, {"version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc", "lessThan": "3a693c7e243b932faee5c1fb728efa73f0abc39b", "status": "affected", "versionType": "git"}, {"version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc", "lessThan": "53dbe08504442dc7ba4865c09b3bbf5fe849681b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c"], "versions": [{"version": "4.10", "status": "affected"}, {"version": "0", "lessThan": "4.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.130", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.36", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f"}, {"url": "https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354"}, {"url": "https://git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b"}, {"url": "https://git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b"}], "title": "media: mtk-vcodec: potential null pointer deference in SCP", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.906Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40973", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:02:47.755849Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:22.314Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.906Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40973", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:02:47.755849Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.265Z"}}], "cna": {"title": "media: mtk-vcodec: potential null pointer deference in SCP", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc", "lessThan": "eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f", "versionType": "git"}, {"status": "affected", "version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc", "lessThan": "f066882293b5ad359e44c4ed24ab1811ffb0b354", "versionType": "git"}, {"status": "affected", "version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc", "lessThan": "3a693c7e243b932faee5c1fb728efa73f0abc39b", "versionType": "git"}, {"status": "affected", "version": "590577a4e5257ac3ed72999a94666ad6ba8f24bc", "lessThan": "53dbe08504442dc7ba4865c09b3bbf5fe849681b", "versionType": "git"}], "programFiles": ["drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.10"}, {"status": "unaffected", "version": "0", "lessThan": "4.10", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.130", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.36", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.7", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f"}, {"url": "https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354"}, {"url": "https://git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b"}, {"url": "https://git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-vcodec: potential null pointer deference in SCP\n\nThe return value of devm_kzalloc() needs to be checked to avoid\nNULL pointer deference. This is similar to CVE-2022-3113."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-03-07T17:56:35.102Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40973", "state": "PUBLISHED", "dateUpdated": "2025-03-07T17:56:35.102Z", "dateReserved": "2024-07-12T12:17:45.603Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:32:10.763Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "97F8F699-7041-44A4-9087-0E1FFC0543C8", "versionEndExcluding": "6.6.36", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C", "versionEndExcluding": "6.9.7", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-vcodec: potential null pointer deference in SCP\n\nThe return value of devm_kzalloc() needs to be checked to avoid\nNULL pointer deference. This is similar to CVE-2022-3113."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: medio: mtk-vcodec: posible deferencia de puntero nulo en SCP Es necesario verificar el valor de retorno de devm_kzalloc() para evitar la deferencia de puntero NULL. Esto es similar a CVE-2022-3113."}], "id": "CVE-2024-40973", "lastModified": "2025-03-07T18:15:40.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:18.890", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: media: mtk-vcodec: potential null pointer deference in SCP", "id": "2297557", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297557"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-252", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: mtk-vcodec: potential null pointer deference in SCP\nThe return value of devm_kzalloc() needs to be checked to avoid\nNULL pointer deference. This is similar to CVE-2022-3113.", "A flaw was found in the mtk-vcodec module in the Linux kernel. The mtk_vcodec_fw_scp_init function in the drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c file does not check the return value of the devm_kzalloc function, potentially resulting in a NULL pointer dereference."], "name": "CVE-2024-40973", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40973\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40973\nhttps://lore.kernel.org/linux-cve-announce/2024071229-CVE-2024-40973-ace1@gregkh/T"], "statement": "The mtk-vcodec module is not built in the kernel shipped in Red Hat Enterprise Linux, so it is not affected by this vulnerability.", "threat_severity": "Low"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object