CVE-2024-43886

MEDIUM EPSS 9.7%
Published Aug 26, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Aug 26, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check in resource_log_pipe_topology_update [WHY] When switching from "Extend" to "Second Display Only" we sometimes call resource_get_otg_master_for_stream on a stream for the eDP, which is disconnected. This leads to a null pointer dereference. [HOW] Added a null check in dc_resource.c/resource_log_pipe_topology_update.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
9.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 1

VendorProductVersionRange
linuxlinux_kernel* <6.10.5

References 2

  • git.kernel.org https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee
    Patch