SB2024112060 - Buffer overflow in Linux kernel platform s5p-jpeg driver
Published: November 20, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024112060
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2024-53061)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51
- https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b
- https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef
- https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e
- https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e
- https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd
- https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51
- https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.324
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.230
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.172
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.286
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.117
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.61