CVE-2024-56577: 
Linux Kernel vulnerability analysis and mitigation

A null pointer dereference vulnerability was discovered in the Linux kernel's MediaTek JPEG driver (CVE-2024-56577). The issue occurs during module unload in the mtk-jpeg component, specifically related to workqueue destruction in mtk_jpeg_core.c. This vulnerability was introduced after commit 09aea13ecf6f which refactored some variables in the driver (NVD).

The vulnerability is caused by improper handling of workqueue destruction during module unload. When the module is unloaded, a null pointer dereference occurs in the range [0x0000000000000118-0x000000000000011f]. The issue manifests as a kernel paging request failure at virtual address dfff800000000023. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause a kernel crash due to the null pointer dereference, leading to a denial of service condition. The issue affects the system's stability during the unloading of the MTK JPEG driver module (NVD).

The vulnerability has been fixed by moving the workqueue destruction functionality to mtk_jpeg_core.c and implementing proper cleanup procedures. The fix involves adding a new mtk_jpeg_destroy_workqueue function and using devm_add_action_or_reset to ensure proper resource cleanup (Kernel Patch).