Improper error handling in Linux kernel dc dcn20 driver



Published: 2024-09-18
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-46714
CWE-ID CWE-388
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper error handling

EUVDB-ID: #VU97548

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46714

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b
http://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca
http://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50
http://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4
http://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a
http://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786
http://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###