CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them

Description

In the Linux kernel, the following vulnerability has been resolved:

media: imx-jpeg: Ensure power suppliers be suspended before detach them

The power suppliers are always requested to suspend asynchronously,
dev_pm_domain_detach() requires the caller to ensure proper
synchronization of this function with power management callbacks.
otherwise the detach may led to kernel panic, like below:

[ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040
[ 1457.116777] Mem abort info:
[ 1457.119589] ESR = 0x0000000096000004
[ 1457.123358] EC = 0x25: DABT (current EL), IL = 32 bits
[ 1457.128692] SET = 0, FnV = 0
[ 1457.131764] EA = 0, S1PTW = 0
[ 1457.134920] FSC = 0x04: level 0 translation fault
[ 1457.139812] Data abort info:
[ 1457.142707] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 1457.148196] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 1457.153256] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 1457.158563] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001138b6000
[ 1457.165000] [0000000000000040] pgd=0000000000000000, p4d=0000000000000000
[ 1457.171792] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 1457.178045] Modules linked in: v4l2_jpeg wave6_vpu_ctrl(-) [last unloaded: mxc_jpeg_encdec]
[ 1457.186383] CPU: 0 PID: 51938 Comm: kworker/0:3 Not tainted 6.6.36-gd23d64eea511 #66
[ 1457.194112] Hardware name: NXP i.MX95 19X19 board (DT)
[ 1457.199236] Workqueue: pm pm_runtime_work
[ 1457.203247] pstate: 6040...

Classification

CVE ID: CVE-2024-56575

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/f3c4e088ec01cae45931a18ddf7cae0f4d72e1c5
https://git.kernel.org/stable/c/12914fd765ba4f9d6a9a50439e8dd2e9f91423f2
https://git.kernel.org/stable/c/b7a830bbc25da0f641e3ef2bac3b1766b2777a8b
https://git.kernel.org/stable/c/2f86d104539fab9181ea7b5721f40e7b92a8bf67
https://git.kernel.org/stable/c/fd0af4cd35da0eb550ef682b71cda70a4e36f6b9

Timeline

2024-12-28 00:31:24 UTC
CVE

media: imx-jpeg: Ensure power suppliers be suspended before detach them
2025-03-06 09:45:25 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-56575