Executive Summary

Informations
Name CVE-2024-50266 First vendor Publication 2024-11-19
Vendor Cve Last vendor Modification 2024-11-22

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs

A recent change in the venus driver results in a stuck clock on the Lenovo ThinkPad X13s, for example, when streaming video in firefox:

video_cc_mvs0_clk status stuck at 'off'
WARNING: CPU: 6 PID: 2885 at drivers/clk/qcom/clk-branch.c:87 clk_branch_wait+0x144/0x15c
...
Call trace:
clk_branch_wait+0x144/0x15c
clk_branch2_enable+0x30/0x40
clk_core_enable+0xd8/0x29c
clk_enable+0x2c/0x4c
vcodec_clks_enable.isra.0+0x94/0xd8 [venus_core]
coreid_power_v4+0x464/0x628 [venus_core]
vdec_start_streaming+0xc4/0x510 [venus_dec]
vb2_start_streaming+0x6c/0x180 [videobuf2_common]
vb2_core_streamon+0x120/0x1dc [videobuf2_common]
vb2_streamon+0x1c/0x6c [videobuf2_v4l2]
v4l2_m2m_ioctl_streamon+0x30/0x80 [v4l2_mem2mem]
v4l_streamon+0x24/0x30 [videodev]

using the out-of-tree sm8350/sc8280xp venus support. [1]

Update also the sm8350/sc8280xp GDSC definitions so that the hw control mode can be changed at runtime as the venus driver now requires.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50266

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3688

Sources (Detail)

https://git.kernel.org/stable/c/d055f6f2bdfb8b9c9bc071f748c16bd3afb2db0f
https://git.kernel.org/stable/c/f903663a8dcd6e1656e52856afbf706cc14cbe6d
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Date Informations
2025-03-29 03:43:03
  • Multiple Updates
2025-03-28 13:46:46
  • Multiple Updates
2025-03-28 03:20:46
  • Multiple Updates
2025-03-19 03:15:56
  • Multiple Updates
2025-03-18 03:28:55
  • Multiple Updates
2025-03-14 03:16:07
  • Multiple Updates
2025-03-06 14:12:40
  • Multiple Updates
2025-02-22 03:26:13
  • Multiple Updates
2025-01-08 03:07:08
  • Multiple Updates
2025-01-07 03:06:41
  • Multiple Updates
2024-12-25 03:05:18
  • Multiple Updates
2024-12-12 03:08:13
  • Multiple Updates
2024-11-23 00:22:42
  • Multiple Updates
2024-11-20 03:02:02
  • Multiple Updates
2024-11-20 03:01:14
  • Multiple Updates
2024-11-20 00:20:28
  • Multiple Updates
2024-11-19 09:20:29
  • First insertion