#VU98991 NULL pointer dereference in Linux kernel - CVE-2024-47720

Vulnerability identifier: #VU98991

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47720

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/44948d3cb943602ba4a0b5ed3c91ae0525838fb1
https://git.kernel.org/stable/c/64886a4e6f1dce843c0889505cf0673b5211e16a
https://git.kernel.org/stable/c/ddf9ff244d704e1903533f7be377615ed34b83e7
https://git.kernel.org/stable/c/84edd5a3f5fa6aafa4afcaf9f101f46426c620c9
https://git.kernel.org/stable/c/72ee32d0907364104fbcf4f68dd5ae63cd8eae9e
https://git.kernel.org/stable/c/08ae395ea22fb3d9b318c8bde28c0dfd2f5fa4d2

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.