#VU98962 NULL pointer dereference in Linux kernel - CVE-2024-49896


Vulnerability identifier: #VU98962

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49896

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0167d570f6a0b38689c4a0e50bf79c518d827500
https://git.kernel.org/stable/c/14db8692afe1aa2143b673856bb603713d8ea93f
https://git.kernel.org/stable/c/e8da54b7f8a17e44e67ea6d1037f35450af28115
https://git.kernel.org/stable/c/42d31a33643813cce55ee1ebbad3a2d0d24a08e0
https://git.kernel.org/stable/c/5b4b13e678b15975055f4ff1ce4cf0ce4c19b6c4
https://git.kernel.org/stable/c/e41a291e1bef1153bba091b6580ecc7affc53c82
https://git.kernel.org/stable/c/35ff747c86767937ee1e0ca987545b7eed7a0810


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

