CVE-2024-47754

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the MediaTek video decoder driver for H.264 multi stateless decoding in the Linux kernel can cause a kernel crash when frame buffer (fb) is NULL. This affects systems using MediaTek hardware with the vulnerable driver, potentially leading to denial of service. The vulnerability requires local access to trigger.

💻 Affected Systems

Products:
  • Linux kernel with MediaTek vcodec driver
Versions: Linux kernel versions containing vulnerable MediaTek vcodec driver code prior to fixes
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with MediaTek hardware using the specific video decoder driver. Requires H.264 multi stateless decoder functionality.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, requiring physical or remote reboot.

🟠 Likely Case: Local user triggers kernel crash causing temporary system unavailability until reboot.

🟢 If Mitigated: Minimal impact with proper access controls preventing local users from accessing vulnerable interfaces.

🌐 Internet-Facing: LOW - Requires local access to trigger, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes with access to video decoding interfaces could cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger specific video decoding operations. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 301f7778263116388c20521a1a641067647ab31c, 47b3b97930913ca74a595cc12bdbb650259afc6e, 588bcce9e64cc5138858ab562268eb3943c5b06c, 9be85491619f1953b8a29590ca630be571941ffa, d48890ef8765001caff732ac6ec80a3b2e470215

Vendor Advisory: https://git.kernel.org/stable/c/301f7778263116388c20521a1a641067647ab31c

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Rebuild kernel if compiling from source.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable MediaTek vcodec driver

linux

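Remove or blacklist the vulnerable MediaTek video decoder driver module (run as root). The loaded module name depends on the kernel build, so confirm the exact name in lsmod output and substitute it in the commands below. Unloading the driver disables hardware video decoding through it.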

echo 'blacklist mtk-vcodec' >> /etc/modprobe.d/blacklist.conf
rmmod mtk-vcodec

Restrict access to video decoding interfaces

linux

Use SELinux/AppArmor to restrict which users/processes can access video decoding functionality

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized users from accessing video decoding interfaces
  • Monitor system logs for kernel panic events and implement automated alerting

🔍 How to Verify

Check if Vulnerable:

Check if MediaTek vcodec driver is loaded: lsmod | grep -E 'mtk[-_]vcodec' (lsmod prints module names with underscores, so match both separators). Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Test H.264 multi stateless decoding functionality.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference errors in kernel logs
  • System crash/reboot events

SIEM Query:

source="kernel" AND ("NULL pointer" OR "kernel panic" OR "oops") AND "vcodec"
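The log indicators above belong to a kernel oops that spans several lines, so depending on how the log source splits events a keyword match can miss the crash or flag an unrelated one. The following is an added example, not code from this advisory or the kernel project: it groups each NULL pointer dereference report and flags it only when a call-trace frame belongs to a module matching mtk[-_]vcodec. The sample log, the symbol names and the module name mtk_vcodec_dec are constructed assumptions.

```python
import re

# Constructed kernel log (not from a real system). Symbol names are placeholders
# and the module name mtk_vcodec_dec is an assumption; adjust MODULE as needed.
SAMPLE_LOG = """\
[  101.000001] usb 1-1: new high-speed USB device number 4
[  212.345678] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[  212.345700] Modules linked in: example_wifi mtk_vcodec_dec
[  212.345720] Call trace:
[  212.345730]  example_decode_fn+0x1c/0x200 [mtk_vcodec_dec]
[  212.345740]  example_worker+0x40/0x90
[  212.345750] ---[ end trace 0000000000000000 ]---
[  300.000001] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[  300.000020] Modules linked in: example_wifi mtk_vcodec_dec
[  300.000030] Call trace:
[  300.000040]  example_net_rx+0x10/0x80 [example_wifi]
[  300.000050] ---[ end trace 0000000000000000 ]---
"""

START = re.compile(r"NULL pointer dereference", re.I)
END = re.compile(r"---\[ end trace")
# A call-trace frame: optional timestamp, symbol+0xOFF/0xSIZE, then [module].
FRAME = re.compile(r"^\s*(?:\[\s*\d+\.\d+\]\s*)?\S+\+0x[0-9a-f]+/0x[0-9a-f]+\s+\[([\w-]+)\]")
MODULE = re.compile(r"mtk[-_]vcodec")

def find_vcodec_oopses(lines):
    """Return NULL-dereference reports whose call trace has a vcodec frame."""
    hits, current = [], None

    def flush():
        if current and current["frames"]:
            hits.append(current)

    for line in lines:
        if START.search(line):
            flush()  # previous report was cut off before its end marker
            current = {"header": line.strip(), "frames": []}
        elif current is not None:
            m = FRAME.match(line)
            if m and MODULE.search(m.group(1)):
                current["frames"].append(line.strip())
            if END.search(line):
                flush()
                current = None
    flush()  # log ended mid-report
    return hits
```

On the sample, only the first report is returned; the second lists the vcodec module under "Modules linked in" but crashes in a different module, so it is ignored.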
