CVE-2024-35920: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

media: mediatek: vcodec: adding lock to protect decoder context list

Add a lock for the ctx_list, to avoid accessing a NULL pointer within the 'vpu_dec_ipi_handler' function when the ctx_list has been deleted due to an unexpected behavior on the SCP IP block.

Hardware name: Google juniper sku16 board (DT)
pstate: 20400005 (nzCv daif +PAN -UAO -TCO BTYPE=--)
pc : vpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec]
lr : scp_ipi_handler+0xd0/0x194 [mtk_scp]
sp : ffffffc0131dbbd0
x29: ffffffc0131dbbd0 x28: 0000000000000000 x27: ffffff9bb277f348
x26: ffffff9bb242ad00 x25: ffffffd2d440d3b8 x24: ffffffd2a13ff1d4
x23: ffffff9bb7fe85a0 x22: ffffffc0133fbdb0 x21: 0000000000000010
x20: ffffff9b050ea328 x19: ffffffc0131dbc08 x18: 0000000000001000
x17: 0000000000000000 x16: ffffffd2d461c6e0 x15: 0000000000000242
x14: 000000000000018f x13: 000000000000004d x12: 0000000000000000
x11: 0000000000000001 x10: fffffffffffffff0 x9 : ffffff9bb6e793a8
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : fffffffffffffff0 x3 : 0000000000000020
x2 : ffffff9bb6e79080 x1 : 0000000000000010 x0 : ffffffc0131dbc08
Call trace:
vpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec (HASH:6c3f 2)]
scp_ipi_handler+0xd0/0x194 [mtk_scp (HASH:7046 3)]
mt8183_scp_irq_handler+0x44/0x88 [mtk_scp (HASH:7046 3)]
scp_irq_handler+0x48/0x90 [mtk_scp (HASH:7046 3)]
irq_thread_fn+0x38/0x94
irq_thread+0x100/0x1c0
kthread+0x140/0x1fc
ret_from_fork+0x10/0x30
Code: 54000088 f94ca50a eb14015f 54000060 (f9400108)
---[ end trace ace43ce36cbd5c93 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
Kernel Offset: 0x12c4000000 from 0xffffffc010000000
PHYS_OFFSET: 0xffffffe580000000
CPU features: 0x08240002,2188200c
Memory Limit: none
AI Analysis
Technical Summary
CVE-2024-35920 is a vulnerability identified in the Linux kernel specifically affecting the MediaTek video codec (vcodec) driver. The issue arises from the lack of proper locking mechanisms protecting the decoder context list (ctx_list) within the 'vpu_dec_ipi_handler' function. This function handles inter-processor interrupts (IPI) related to the video processing unit (VPU) decoder. Without adequate locking, the ctx_list can be accessed after it has been deleted due to unexpected behavior in the System Control Processor (SCP) IP block, leading to a NULL pointer dereference. This results in a kernel panic and a fatal exception, causing the system to crash and stop secondary CPUs. The vulnerability is hardware-specific, noted on the Google Juniper sku16 board (Device Tree), which uses MediaTek’s MT8183 SoC. The root cause is a race condition where the decoder context list is accessed concurrently without synchronization, leading to use-after-free or NULL pointer dereference scenarios. The kernel panic trace indicates that the issue occurs deep within the MediaTek-specific kernel modules handling video decoding and SCP interrupts. This vulnerability does not have a CVSS score assigned yet and no known exploits in the wild have been reported. However, the impact is a denial of service (DoS) condition due to kernel crashes triggered by malformed or unexpected input to the video codec driver. The patch involves adding a lock to protect the ctx_list, preventing access to freed or NULL pointers and ensuring thread-safe operations within the vpu_dec_ipi_handler function.
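The locking pattern described above, as an added example that is neither the kernel patch nor the driver's code: a simplified userspace C model in which one lock guards the context list and the interrupt-side handler dereferences a context only after finding it on that list. All names (dec_dev, ctx_lock, ctx_add, ctx_del, ipi_handler) are hypothetical, and validating the handle by list lookup is this model's assumption about how the lock is applied.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#define MAX_CTX 4   /* userspace model; every name here is hypothetical */
struct dec_ctx { int frames_done; };
struct dec_dev {
    pthread_mutex_t ctx_lock;           /* guards ctx_list */
    struct dec_ctx *ctx_list[MAX_CTX];  /* live decoder contexts */
} dev = { .ctx_lock = PTHREAD_MUTEX_INITIALIZER };

/* open(): publish a context on the list with the lock held. */
int ctx_add(struct dec_dev *d, struct dec_ctx *c) {
    int ret = -ENOSPC;
    pthread_mutex_lock(&d->ctx_lock);
    for (int i = 0; i < MAX_CTX && ret; i++)
        if (!d->ctx_list[i]) { d->ctx_list[i] = c; ret = 0; }
    pthread_mutex_unlock(&d->ctx_lock);
    return ret;
}

/* release(): unpublish under the same lock, before the memory is freed. */
void ctx_del(struct dec_dev *d, struct dec_ctx *c) {
    pthread_mutex_lock(&d->ctx_lock);
    for (int i = 0; i < MAX_CTX; i++)
        if (d->ctx_list[i] == c) d->ctx_list[i] = NULL;
    pthread_mutex_unlock(&d->ctx_lock);
}

/* Interrupt side: 'handle' may be stale; compare only, deref once listed. */
int ipi_handler(struct dec_dev *d, const void *handle) {
    int ret = -EINVAL;
    pthread_mutex_lock(&d->ctx_lock);
    for (int i = 0; i < MAX_CTX && ret; i++)
        if (d->ctx_list[i] && d->ctx_list[i] == handle) {
            d->ctx_list[i]->frames_done++;  /* safe: listed, lock held */
            ret = 0;
        }
    pthread_mutex_unlock(&d->ctx_lock);
    return ret;
}

int main(void) {
    struct dec_ctx c = { 0 };
    ctx_add(&dev, &c);
    printf("live ctx:  %d\n", ipi_handler(&dev, &c));
    ctx_del(&dev, &c);
    printf("stale ctx: %d\n", ipi_handler(&dev, &c));
    return 0;
}
```

Because removal and lookup take the same lock, a message that names an already released context is rejected with -EINVAL instead of being dereferenced.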
Potential Impact
For European organizations, this vulnerability primarily poses a risk of denial of service on systems running affected Linux kernels with MediaTek video codec drivers, especially on hardware platforms using MediaTek SoCs like the MT8183. This could impact embedded devices, IoT devices, or specialized hardware using this chipset, potentially disrupting services relying on video decoding capabilities. Although the vulnerability does not directly lead to privilege escalation or remote code execution, the kernel panic and system crash can cause significant availability issues, particularly in environments where uptime is critical such as telecommunications, industrial control systems, or media streaming services. Organizations using Linux-based devices with MediaTek hardware in their infrastructure or products may face operational disruptions or require emergency patching. The lack of known exploits reduces immediate risk, but the vulnerability’s presence in the kernel means that any attacker with local access or the ability to trigger the vulnerable code path could cause system instability. This is especially relevant for European sectors with stringent availability requirements and regulatory compliance mandates around system reliability and incident response.
Mitigation Recommendations
1. Apply Kernel Updates: European organizations should prioritize updating their Linux kernels to versions that include the patch adding proper locking to the MediaTek vcodec driver. Monitor Linux kernel mailing lists and vendor advisories for the official patch release.
2. Hardware Inventory and Assessment: Identify all devices and systems using MediaTek SoCs, particularly MT8183 or similar, to assess exposure. This includes embedded systems, IoT devices, and specialized hardware running Linux.
3. Restrict Access: Limit local access to affected systems to trusted personnel only, as exploitation requires triggering the vulnerable function locally or via crafted input to the video codec driver.
4. Monitor Logs and System Behavior: Implement monitoring for kernel panics, unexpected reboots, or crashes related to video decoding processes to detect potential exploitation attempts or instability.
5. Vendor Coordination: Engage with hardware vendors and Linux distribution maintainers to ensure timely patch deployment and receive guidance on mitigating this vulnerability in specific device contexts.
6. Consider Workarounds: If immediate patching is not feasible, consider disabling or restricting use of the MediaTek video codec driver on affected devices, if this does not impact critical functionality.
7. Incident Response Preparedness: Prepare for potential denial of service incidents by having recovery procedures and backups in place to minimize downtime.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.124Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe218e
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 8:11:05 AM
Last updated: 7/31/2025, 7:01:29 PM