CVE-2024-47752
📋 TL;DR
A NULL pointer dereference vulnerability in the MediaTek H264 stateless decoder driver in the Linux kernel can cause a kernel crash when frame buffer (fb) is NULL. This affects systems using MediaTek video codec hardware with the vulnerable driver. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel with MediaTek vcodec driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local denial of service through kernel panic, potentially leading to system reboot and service disruption.
Likely Case
Local user or process causing kernel crash when accessing the vulnerable video decoder functionality with malformed input.
If Mitigated
Minimal impact with proper access controls and process isolation in place.
🎯 Exploit Status
Requires local access and ability to trigger the vulnerable code path through video decoding operations. No public exploit code identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 18181b0c1c5bd43846e5e0ae3d61a4a1adceab03, 7878d3a385efab560dce793b595447867fb163f2, 790d1848fac5ac3b1c474f66162598ab07a20c21, c6b9f971b43980de8893610f606d751131fb5d86
Vendor Advisory: https://git.kernel.org/stable/c/18181b0c1c5bd43846e5e0ae3d61a4a1adceab03
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Rebuild kernel if compiling from source. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable MediaTek vcodec driver
linuxPrevent loading of the vulnerable driver module
echo 'blacklist mtk-vcodec' > /etc/modprobe.d/disable-mtk-vcodec.conf
rmmod mtk-vcodec
Restrict access to video decoding
linuxLimit which users/processes can access video decoding functionality
chmod 600 /dev/mtk-vcodec
setfacl -m u:root:rw /dev/mtk-vcodec
🧯 If You Can't Patch
- Implement strict access controls to limit which users can execute video decoding operations
- Monitor system logs for kernel panic events related to MediaTek vcodec driver
🔍 How to Verify
Check if Vulnerable:
Check if MediaTek vcodec driver is loaded: lsmod | grep mtk-vcodec. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Test H264 decoding functionality with edge cases.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in dmesg
- MediaTek vcodec driver crash logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("NULL pointer" OR "kernel panic" OR "mtk-vcodec")