NULL pointer dereference in Linux kernel

#VU98991 NULL pointer dereference in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-10-22

Vulnerability identifier: #VU98991

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47720

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/44948d3cb943602ba4a0b5ed3c91ae0525838fb1
http://git.kernel.org/stable/c/64886a4e6f1dce843c0889505cf0673b5211e16a
http://git.kernel.org/stable/c/ddf9ff244d704e1903533f7be377615ed34b83e7
http://git.kernel.org/stable/c/84edd5a3f5fa6aafa4afcaf9f101f46426c620c9
http://git.kernel.org/stable/c/72ee32d0907364104fbcf4f68dd5ae63cd8eae9e
http://git.kernel.org/stable/c/08ae395ea22fb3d9b318c8bde28c0dfd2f5fa4d2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 22.03 LTS SP4 update for kernel

openEuler 22.03 LTS SP3 update for kernel

openEuler 22.03 LTS SP1 update for kernel

openEuler 24.03 LTS update for kernel

NULL pointer dereference in Linux kernel dc dcn30 driver