CVE-2024-40973

MEDIUM

Linux kernel - Null Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: media: mtk-vcodec: potential null pointer deference in SCP The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113.

References (5)

Core 5

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Patch

https://git.kernel.org/stable/c/eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f

Patch

https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354

Patch

https://git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b

Patch

https://git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b

Scores

CVSS v3 5.5

EPSS 0.0029

EPSS Percentile 20.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (14)

linux/Kernel 4.10.0 - 6.1.130linux

linux/Kernel 6.2.0 - 6.6.36linux

linux/Kernel 6.7.0 - 6.9.7linux

Linux/Linux < 4.10

Linux/Linux 4.10

Linux/Linux 590577a4e5257ac3ed72999a94666ad6ba8f24bc - 3a693c7e243b932faee5c1fb728efa73f0abc39b

Linux/Linux 590577a4e5257ac3ed72999a94666ad6ba8f24bc - 53dbe08504442dc7ba4865c09b3bbf5fe849681b

Linux/Linux 590577a4e5257ac3ed72999a94666ad6ba8f24bc - eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f

Linux/Linux 590577a4e5257ac3ed72999a94666ad6ba8f24bc - f066882293b5ad359e44c4ed24ab1811ffb0b354

Linux/Linux 6.1.130 - 6.1.*

... and 4 more

Published Jul 12, 2024

Tracked Since Feb 18, 2026