#VU99224 Input validation error in Linux kernel - CVE-2024-49892


Vulnerability identifier: #VU99224

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49892

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the calculate_ttu_cursor() function in both drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c and drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/f921335123f6620c3dce5c96fbb95f18524a021c
https://git.kernel.org/stable/c/1f9f8186e239222f1c8d3dd73bf3bc6ae86c5e76
https://git.kernel.org/stable/c/a23d6029e730f8a151b1a34afb169baac1274583
https://git.kernel.org/stable/c/c7630935d9a4986e8c0ed91658a781b7a77d73f7
https://git.kernel.org/stable/c/bc00d211da4ffad5314a2043b50bdc8ff8a33724
https://git.kernel.org/stable/c/3334ab72cbba55a632f24579cd47c4a4e5e69cda
https://git.kernel.org/stable/c/4067f4fa0423a89fb19a30b57231b384d77d2610


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

