CVE-2026-46011
Linux · Kernel
A use-after-free vulnerability in the Linux kernel's mtk-jpeg media driver occurs due to uncancelled work during the release path.
Executive summary
A race condition in the mtk-jpeg driver's release process can trigger a use-after-free vulnerability, leading to system crashes.
Vulnerability
The mtk_jpeg_release() function frees the context structure without properly cancelling pending or running work in ctx->jpeg_work. This leaves a dangling pointer, resulting in a use-after-free condition when the work queue attempts to access the already-freed context.
Business impact
This flaw can be used to cause a denial-of-service (system crash) on devices that utilize the MediaTek JPEG hardware decoder. With a 7.8 CVSS score, it represents a high-severity risk for mobile or embedded devices running affected kernel versions.
Remediation
Immediate Action: Update the kernel to a version that properly cancels pending work in the mtk-jpeg release path.
Proactive Monitoring: Monitor system logs for kernel panics during video processing or JPEG decoding tasks.
Compensating Controls: If applicable, restrict user access to the hardware media decoders.
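An added example for the Proactive Monitoring step (not part of the original advisory or of the kernel project): a Python scan of kernel log text that flags crash reports (KASAN use-after-free, oops, panic) whose report or backtrace mentions the mtk-jpeg driver. The sample log lines, the symbol `mtk_jpeg_sample_worker`, and the 40-line report window are constructed assumptions.

```python
import re

# Lines that open a kernel crash report: KASAN UAF report, arm64 oops, panic.
CRASH_START = re.compile(
    r"BUG: KASAN: \S*use-after-free|Unable to handle kernel|"
    r"Internal error: Oops|Kernel panic - not syncing"
)
DRIVER = re.compile(r"mtk[_-]jpeg")  # driver named in the advisory
TIMESTAMP = re.compile(r"^\[\s*(\d+\.\d+)\]\s*")
WINDOW = 40  # assumed maximum report length (lines) inspected per crash

# Constructed sample log; symbol names and addresses are illustrative only.
SAMPLE_LOG = """\
[    3.200000] mtk-jpeg: probed (constructed, benign line)
[  812.104511] BUG: KASAN: slab-use-after-free in mtk_jpeg_sample_worker+0x48/0x1f0
[  812.104530] Read of size 8 at addr ffff0000c1a2b300 by task kworker/u16:2/214
[  812.104702] Call trace:
[  812.104731]  mtk_jpeg_sample_worker+0x48/0x1f0
[  812.104760]  process_one_work+0x1a0/0x3c0
[  812.104788]  worker_thread+0x68/0x420
[  950.500000] Kernel panic - not syncing: Fatal exception
[  950.500020] Call trace:
[  950.500040]  unrelated_driver_irq+0x10/0x80
"""

def find_mtk_jpeg_crashes(lines):
    """Return one dict per crash report whose text mentions the mtk-jpeg driver."""
    hits, i = [], 0
    while i < len(lines):
        if not CRASH_START.search(lines[i]):
            i += 1  # ordinary log line, including benign driver messages
            continue
        # The report is the marker line plus what follows, up to the next marker.
        end = i + 1
        while (end < len(lines) and end - i < WINDOW
               and not CRASH_START.search(lines[end])):
            end += 1
        frame = next((l for l in lines[i:end] if DRIVER.search(l)), None)
        if frame is not None:
            ts = TIMESTAMP.match(lines[i])
            hits.append({
                "time": float(ts.group(1)) if ts else None,
                "marker": TIMESTAMP.sub("", lines[i]).strip(),
                "evidence": TIMESTAMP.sub("", frame).strip(),
            })
        i = end
    return hits

if __name__ == "__main__":
    for hit in find_mtk_jpeg_crashes(SAMPLE_LOG.splitlines()):
        print(hit)
```

Feed it the output of `dmesg` or a persisted kernel log; a hit on an unpatched device is a signal to prioritize the kernel update.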
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability should be addressed through standard patch management processes for kernel-based software. Given the risk of system instability, ensure that all affected hardware devices receive the necessary kernel update.