CVE-2024-38592— drm/mediatek: Init `ddp_comp` with devm_kcalloc()
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-38592
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
drm/mediatek: Init `ddp_comp` with devm_kcalloc()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init `ddp_comp` with devm_kcalloc() In the case where `conn_routes` is true we allocate an extra slot in the `ddp_comp` array but mtk_drm_crtc_create() never seemed to initialize it in the test case I ran. For me, this caused a later crash when we looped through the array in mtk_drm_crtc_mode_valid(). This showed up for me when I booted with `slub_debug=FZPUA` which poisons the memory initially. Without `slub_debug` I couldn't reproduce, presumably because the later code handles the value being NULL and in most cases (not guaranteed in all cases) the memory the allocator returned started out as 0. It really doesn't hurt to initialize the array with devm_kcalloc() since the array is small and the overhead of initting a handful of elements to 0 is small. In general initting memory to zero is a safer practice and usually it's suggested to only use the non-initting alloc functions if you really need to. Let's switch the function to use an allocation function that zeros the memory. For me, this avoids the crash.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于drm/mediatek devm_kcalloc()中存在安全问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-38592
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-38592
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-06-19 · 122 CVEs total
| CVE-2024-38611 | media: i2c: et8ek8: Don't strip remove function when driver is builtin | |
| CVE-2021-47585 | btrfs: fix memory leak in __add_inode_ref() | |
| CVE-2021-47584 | iocost: Fix divide-by-zero on donation from low hweight cgroup | |
| CVE-2021-47582 | USB: core: Make do_proc_control() and do_proc_bulk() killable | |
| CVE-2021-47583 | media: mxl111sf: change mutex_init() location | |
| CVE-2021-47579 | ovl: fix warning in ovl_create_real() | |
| CVE-2021-47580 | scsi: scsi_debug: Fix type in min_t to avoid stack OOB | |
| CVE-2021-47578 | scsi: scsi_debug: Don't call kcalloc() if size arg is zero | |
| CVE-2021-47576 | scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() | |
| CVE-2021-47577 | io-wq: check for wq exit after adding new worker task_work | |
| CVE-2024-38617 | kunit/fortify: Fix mismatched kvalloc()/vfree() usage | |
| CVE-2024-38618 | ALSA: timer: Set lower bound of start tick time | |
| CVE-2024-38616 | wifi: carl9170: re-fix fortified-memset warning | |
| CVE-2024-38615 | cpufreq: exit() callback is optional | |
| CVE-2024-38614 | openrisc: traps: Don't send signals to kernel mode threads | |
| CVE-2024-38613 | m68k: Fix spinlock race in kernel thread creation | |
| CVE-2024-38602 | ax25: Fix reference count leak issues of ax25_dev | |
| CVE-2024-38603 | drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() | |
| CVE-2024-38601 | ring-buffer: Fix a race between readers and resize checks | |
| CVE-2024-38604 | block: refine the EOF check in blkdev_iomap_begin |
Showing top 20 of 122 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2024-38592
No comments yet