#VU98925 NULL pointer dereference in Linux kernel - CVE-2024-49907

Vulnerability identifier: #VU98925

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49907

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/8d54001f8dccd56146973f23f3ab2ba037a21251
https://git.kernel.org/stable/c/a545a9403e04c6e17fdc04a26a61d9feebbba106
https://git.kernel.org/stable/c/a2773e0a4b79e7a6463abdffaf8cc4f24428ba18
https://git.kernel.org/stable/c/9641bc4adf8446034e490ed543ae7e9833cfbdf5
https://git.kernel.org/stable/c/3f7e533c10db3d0158709a99e2129ff63add6bcd
https://git.kernel.org/stable/c/5ba3fbf75b243b2863a8be9e7c393e003d3b88f3
https://git.kernel.org/stable/c/95d9e0803e51d5a24276b7643b244c7477daf463

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.