CVE-2022-50383

EUVD-2025-29991
In the Linux kernel, the following vulnerability has been resolved:

media: mediatek: vcodec: Can't set dst buffer to done when lat decode error

Core thread will call v4l2_m2m_buf_done to set dst buffer done for
lat architecture. If lat call v4l2_m2m_buf_done_and_job_finish to
free dst buffer when lat decode error, core thread will access kernel
NULL pointer dereference, then crash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.16 ≤
𝑥
< 6.0.16
linuxlinux_kernel
6.1 ≤
𝑥
< 6.1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.16.7-1
fixed
sid
6.16.7-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/3568ecd3f3a6d133ab7feffbba34955c8c79bbc4
https://git.kernel.org/stable/c/66d26ed30056e7d2da3e9c14125ffe6049a4f907
https://git.kernel.org/stable/c/eeb090420f3477eb5011586709409fc655c2b16c