CVE-2022-49165

media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers

Published: 2/26/2025 Last updated: 5/11/2026 Reserved: 2/26/2025

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers If the application queues an NV12M jpeg as output buffer, but then queues a single planar capture buffer, the kernel will crash with "Unable to handle kernel NULL pointer dereference" in mxc_jpeg_addrs, prevent this by finishing the job with error.

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (4)

Product	Vendor	Version
Linux	Linux	n/a
Linux	Linux	The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016
Linux	Linux	12.4(2)XA2
Linux	Linux	12.3(14)YM4

CVE-2022-49165

media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers

Opam packages affected (29)

Products affected (4)

References (8)