CVE-2024-49913

MEDIUM EPSS 16.0%
Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream This commit addresses a null pointer dereference issue in the `commit_planes_for_stream` function at line 4140. The issue could occur when `top_pipe_to_program` is null. The fix adds a check to ensure `top_pipe_to_program` is not null before accessing its stream_res. This prevents a null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed 'top_pipe_to_program' could be null (see line 3906)

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
16.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel* <5.10.227
linuxlinux_kernel*≥5.11  –  <5.15.168
linuxlinux_kernel*≥5.16  –  <6.1.113
linuxlinux_kernel*≥6.2  –  <6.6.55
linuxlinux_kernel*≥6.7  –  <6.10.14
linuxlinux_kernel*≥6.11  –  <6.11.3

References 9

  • git.kernel.org https://git.kernel.org/stable/c/1ebfa6663807c144be8c8b6727375012409d2356
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3929e382e4758aff42da0102a60d13337c99d3b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/40193ff73630adf76bc0d82398f7d90fb576dba4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66d71a72539e173a9b00ca0b1852cbaa5f5bf1ad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73efd2a611b62fee71a7b7f27d9d08bb60da8a72
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ab59527852a6f7780aad6185729550ca0569122
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e47e563c6f0db7d792a559301862c19ead0dfc2f
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1ebfa6663807c144be8c8b6727375012409d2356
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3929e382e4758aff42da0102a60d13337c99d3b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/40193ff73630adf76bc0d82398f7d90fb576dba4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66d71a72539e173a9b00ca0b1852cbaa5f5bf1ad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73efd2a611b62fee71a7b7f27d9d08bb60da8a72
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ab59527852a6f7780aad6185729550ca0569122
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e47e563c6f0db7d792a559301862c19ead0dfc2f
    Patch