Resource management error in Linux kernel drm mediatek driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-38549 |
| CWE-ID | CWE-399 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource management error
EUVDB-ID: #VU93390
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38549
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3http://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364
http://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67
http://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350
http://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4
http://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05
http://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594
http://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7
http://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405
http://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
