#VU99203 Input validation error in Linux kernel - CVE-2024-50049
Vulnerability identifier: #VU99203
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/f4149eec960110ffd5bcb161075dd9f1d7773075
https://git.kernel.org/stable/c/c643ef59390e49f1dfab35e8ea65f5db5e527d64
https://git.kernel.org/stable/c/97a79933fb08a002ba9400d1a7a5df707ecdb896
https://git.kernel.org/stable/c/65b2d49e55fe13ae56da3a7685bdccadca31134a
https://git.kernel.org/stable/c/a9b4fd1946678fa0e069e442f3c5a7d3fa446fac
https://git.kernel.org/stable/c/ff599ef6970ee000fa5bc38d02fa5ff5f3fc7575
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
