CVE-2024-35921: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

media: mediatek: vcodec: Fix oops when HEVC init fails

The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or not. This caused a use after free, when the pointer is freed in case of a failure in the deinit function. Only store the instance pointer when the initialization was successful, to solve this issue.

Hardware name: Acer Tomato (rev3 - 4) board (DT)
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : vcodec_vpu_send_msg+0x4c/0x190 [mtk_vcodec_dec]
lr : vcodec_send_ap_ipi+0x78/0x170 [mtk_vcodec_dec]
sp : ffff80008750bc20
x29: ffff80008750bc20 x28: ffff1299f6d70000 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
x23: ffff80008750bc98 x22: 000000000000a003 x21: ffffd45c4cfae000
x20: 0000000000000010 x19: ffff1299fd668310 x18: 000000000000001a
x17: 000000040044ffff x16: ffffd45cb15dc648 x15: 0000000000000000
x14: ffff1299c08da1c0 x13: ffffd45cb1f87a10 x12: ffffd45cb2f5fe80
x11: 0000000000000001 x10: 0000000000001b30 x9 : ffffd45c4d12b488
x8 : 1fffe25339380d81 x7 : 0000000000000001 x6 : ffff1299c9c06c00
x5 : 0000000000000132 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000010 x1 : ffff80008750bc98 x0 : 0000000000000000
Call trace:
 vcodec_vpu_send_msg+0x4c/0x190 [mtk_vcodec_dec]
 vcodec_send_ap_ipi+0x78/0x170 [mtk_vcodec_dec]
 vpu_dec_deinit+0x1c/0x30 [mtk_vcodec_dec]
 vdec_hevc_slice_deinit+0x30/0x98 [mtk_vcodec_dec]
 vdec_if_deinit+0x38/0x68 [mtk_vcodec_dec]
 mtk_vcodec_dec_release+0x20/0x40 [mtk_vcodec_dec]
 fops_vcodec_release+0x64/0x118 [mtk_vcodec_dec]
 v4l2_release+0x7c/0x100
 __fput+0x80/0x2d8
 __fput_sync+0x58/0x70
 __arm64_sys_close+0x40/0x90
 invoke_syscall+0x50/0x128
 el0_svc_common.constprop.0+0x48/0xf0
 do_el0_svc+0x24/0x38
 el0_svc+0x38/0xd8
 el0t_64_sync_handler+0xc0/0xc8
 el0t_64_sync+0x1a8/0x1b0
Code: d503201f f9401660 b900127f b900227f (f9400400)
AI Analysis
Technical Summary
CVE-2024-35921 is a vulnerability identified in the Linux kernel, specifically within the MediaTek video codec (vcodec) driver component that handles HEVC (High Efficiency Video Coding) decoding. The flaw arises from improper handling of the stateless HEVC decoder's initialization process. When the HEVC decoder initialization fails, the driver erroneously saves a pointer to the decoder instance in the context regardless of success or failure. This leads to a use-after-free condition because the pointer is freed during the deinitialization process if initialization fails, but the stale pointer remains stored and can be accessed later.

The vulnerability manifests as an oops (kernel crash) triggered by the function vcodec_vpu_send_msg in the MediaTek vcodec driver, which is part of the Linux kernel's media subsystem. The call trace indicates that the issue occurs during the deinitialization and release of the video codec context, specifically in functions like vpu_dec_deinit and vdec_hevc_slice_deinit. This bug can cause kernel instability or crashes when processing HEVC video streams on affected hardware platforms, such as the Acer Tomato (rev3 - 4) board, which uses the MediaTek video codec hardware. The root cause is a failure to conditionally store the instance pointer only upon successful initialization, which was fixed by ensuring the pointer is saved only if initialization succeeds.

There is no CVSS score assigned yet, and no known exploits in the wild have been reported. The vulnerability was published on May 19, 2024, and is relevant to Linux kernel versions containing the affected MediaTek vcodec driver code. This flaw is a typical use-after-free vulnerability that can lead to denial of service through kernel crashes and potentially could be leveraged for privilege escalation or arbitrary code execution if combined with other vulnerabilities, although such exploitation is not confirmed at this time.
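The store-before-success pattern described above, next to the corrected ordering, as an added user-space model (not the kernel driver's code and not part of the original advisory). All names are hypothetical, "freed" is modelled with a flag so the program never touches real freed memory, and it assumes the failed init releases the instance on its own error path.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added user-space model; names are hypothetical, not the driver's code. */
struct inst { bool live; };               /* live == false models freed memory */
struct ctx  { struct inst *drv_handle; }; /* per-open decoder context */

/* One-slot "heap": nothing is really freed, so the model has no real UAF. */
static struct inst *inst_alloc(void) { static struct inst slot; slot.live = true; return &slot; }
static void inst_free(struct inst *i) { i->live = false; }

/* Pre-fix pattern: the handle is stored before init is known to have worked. */
static int init_buggy(struct ctx *c, bool hw_init_ok) {
    struct inst *i = inst_alloc();
    c->drv_handle = i;                    /* saved regardless of the outcome */
    if (!hw_init_ok) {
        inst_free(i);                     /* assumed error path: free, ctx keeps pointer */
        return -1;
    }
    return 0;
}

/* Post-fix pattern: the handle is stored only after init succeeded. */
static int init_fixed(struct ctx *c, bool hw_init_ok) {
    struct inst *i = inst_alloc();
    if (!hw_init_ok) {
        inst_free(i);
        return -1;                        /* drv_handle stays NULL */
    }
    c->drv_handle = i;
    return 0;
}

/* Release path: returns 1 if it would have used an already freed instance. */
static int deinit_touches_freed(struct ctx *c) {
    if (!c->drv_handle)
        return 0;                         /* never initialised: nothing to tear down */
    int stale = !c->drv_handle->live;     /* in a kernel this is the faulting access */
    inst_free(c->drv_handle);
    c->drv_handle = NULL;
    return stale;
}

int main(void) {
    struct ctx a = {0}, b = {0};
    init_buggy(&a, false);
    init_fixed(&b, false);
    int bad = deinit_touches_freed(&a), ok = deinit_touches_freed(&b);
    printf("buggy=%d fixed=%d\n", bad, ok);
    return 0;
}
```

The NULL check in the release path only protects the context when a failed init leaves the handle unset, which is why the ordering of the store matters.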
Potential Impact
For European organizations, the impact of CVE-2024-35921 primarily involves potential system instability and denial of service on Linux systems utilizing MediaTek video codec hardware, particularly those processing HEVC video streams. This could affect servers, embedded devices, or workstations running vulnerable Linux kernels with MediaTek vcodec support enabled. Organizations relying on multimedia processing, video streaming, or embedded Linux devices with MediaTek chipsets may experience unexpected kernel crashes, leading to service interruptions or degraded performance. While no active exploits are known, the vulnerability could be targeted by attackers to disrupt operations or as a stepping stone for privilege escalation in multi-user environments. The impact is more pronounced in sectors with critical multimedia infrastructure, such as broadcasting, media production, telecommunications, and IoT deployments. Additionally, since Linux is widely used in European data centers and embedded systems, unpatched systems could face increased risk of stability issues. The vulnerability does not directly expose data confidentiality or integrity but affects availability and system reliability. Given the kernel-level nature of the flaw, successful exploitation could undermine system security controls, emphasizing the need for timely patching.
Mitigation Recommendations
European organizations should take the following specific mitigation steps:
1) Identify Linux systems using MediaTek video codec hardware or running kernels with the affected vcodec driver.
2) Apply the latest Linux kernel patches that address CVE-2024-35921 as soon as they become available from trusted sources such as the official Linux kernel repositories or vendor distributions.
3) For embedded or specialized devices (e.g., Acer Tomato boards or similar hardware), coordinate with hardware vendors for firmware or kernel updates incorporating the fix.
4) If immediate patching is not feasible, consider disabling or restricting HEVC video decoding functionality in the MediaTek vcodec driver to prevent triggering the vulnerable code paths.
5) Monitor system logs for kernel oops or crashes related to vcodec operations to detect potential exploitation attempts or instability.
6) Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and Control Flow Integrity (CFI) to reduce exploitation likelihood.
7) Maintain robust incident response and recovery plans to quickly address any service disruptions caused by this vulnerability.
These steps go beyond generic advice by focusing on hardware-specific identification, vendor coordination, and operational monitoring tailored to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.124Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe2192
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 8:11:17 AM
Last updated: 8/2/2025, 6:41:33 AM