Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Mediatek JPEG Decoder Module Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Mediatek JPEG decoder module of the Linux kernel. This issue arises because the module does not properly cancel scheduled work before it is removed, leading to a typical use-after-free scenario. The vulnerability is present in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a use-after-free condition, which can commonly be exploited to execute arbitrary code or cause a denial-of-service by crashing the system.

Reproduction

The vulnerability can be reproduced by loading the Mediatek JPEG decoder module and allowing it to schedule a job timeout work. If the module is then removed without canceling the scheduled work, a use-after-free condition occurs when the unfinished work tries to access a freed memory context.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.

Added: Dec 24, 2025, 3:32 PM
Updated: Dec 24, 2025, 3:32 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
3.4
remediation
7.7
relevance
1.5
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.