#VU98934 NULL pointer dereference in Linux kernel - CVE-2024-49913
Vulnerability identifier: #VU98934
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1ebfa6663807c144be8c8b6727375012409d2356
https://git.kernel.org/stable/c/8ab59527852a6f7780aad6185729550ca0569122
https://git.kernel.org/stable/c/40193ff73630adf76bc0d82398f7d90fb576dba4
https://git.kernel.org/stable/c/e47e563c6f0db7d792a559301862c19ead0dfc2f
https://git.kernel.org/stable/c/3929e382e4758aff42da0102a60d13337c99d3b8
https://git.kernel.org/stable/c/73efd2a611b62fee71a7b7f27d9d08bb60da8a72
https://git.kernel.org/stable/c/66d71a72539e173a9b00ca0b1852cbaa5f5bf1ad
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
